On Tue, 2005-04-12 at 08:58, Clement Twine wrote:
> >>i have a problem with users accessing my ftp service from the
> >>internet. everything was working well until i changed from
> >>Linux/shorewall to freebsd/ipfw as my firewall.
> >>
> >>my setup is briefly as follows:
> >>
> >>FTP_Server (10.0.0.1) --- Firewall (IPFW) ----- INTERNET
> >>
> >>The linux rules were just two (and were working):
> >>
> >>   allow tcp from any to 10.0.0.1 21
> >>   allow tcp from 10.0.0.1 21 to any
> >>
> >>I have the following in ipfw but they have refused to work!
> >>
> >>   ipfw add 00010 allow tcp from any to 10.0.0.1 21
> >>   ipfw add 00011 allow tcp from 10.0.0.1 21 to any
> >>
> >>The problem is that an ftp session is established, but when the
> >>session enters passive mode, the ftp session hangs. Are there any
> >>other ports that need to be opened? Has anyone had such a problem
> >>before? I can see in the logs that unprivileged ports are
> >>responding from the ftp server to the requestor - but have tried
> >>all combinations of rules to no avail!
> >
> > You need to use port 20 too. Additionally, passive ftp uses high number
> > ports to actually transfer the data. I am not sure how to do this with
> > IPFW but there are a number of tutorials about this, try google.
>
> I have failed to get nothing from google - it seems everyone has
> tried series of combinations!
>
> Anyway, here are my rules:
>
>   ipfw add 00115 pass log tcp from any 1024-65535 to 10.0.0.1 49152-65535
>   ipfw add 00116 pass log tcp from any to 10.0.0.1 21 in recv sis1 setup keep-state
>   ipfw add 00117 pass log tcp from any to 10.0.0.1 20 in recv sis1 setup keep-state
>
> but this hasn't helped much. have been trying for days! does
> anyone have rules that are working - you can give 'em to me - or
> advise where the above rules need tweaking.
>
> rgds
> clem.

This may help:
http://www.theserverpages.com/20103/13/

Rob
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
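
An added example, not part of the thread or of anyone's post in it: a small Python check for the passive-mode hang described above. It parses the server's RFC 959 `227` reply, computes the data port, and tests it against the range opened by rule 00115 and against the RFC 1918 blocks. The function names and the sample replies are constructed for illustration, and whether either finding is the cause on this particular firewall is an assumption.

```python
import ipaddress
import re

# Destination port range opened by rule 00115 in the thread.
PASV_RANGE = (49152, 65535)
# Private address blocks that a client on the Internet cannot route to.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# A 227 reply carries h1,h2,h3,h4,p1,p2 (address octets, then port bytes).
SIX_FIELDS = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_pasv(reply):
    """Return (host, port) advertised in a '227 Entering Passive Mode' reply."""
    match = SIX_FIELDS.search(reply)
    if not reply.startswith("227") or match is None:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    fields = [int(f) for f in match.groups()]
    if max(fields) > 255:
        raise ValueError("field out of range in: %r" % reply)
    host = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]  # data port = p1 * 256 + p2
    return host, port


def check_pasv(reply, allowed=PASV_RANGE):
    """Return (host, port, findings) for one control-channel reply."""
    host, port = parse_pasv(reply)
    findings = []
    if not allowed[0] <= port <= allowed[1]:
        # The firewall rule would drop the client's data connection.
        findings.append("port-outside-range")
    if any(ipaddress.ip_address(host) in net for net in RFC1918):
        # The client is told to connect to an address it cannot reach.
        findings.append("private-address-advertised")
    return host, port, findings


# Constructed sample replies, not captured from the poster's server.
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (10,0,0,1,195,80)",
    "227 Entering Passive Mode (203,0,113,10,4,1)",
]

if __name__ == "__main__":
    for line in SAMPLE_REPLIES:
        print(check_pasv(line))
```

Feed it the `227` lines from a verbose FTP client session or a capture of port 21 taken on the outside interface.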