User LAFFER1 <[EMAIL PROTECTED]> wrote: > Does it work with ipfw disabled? If so, then it seems resonable that ipfw > is causing the problem. One of the ftp modes (pasv or port) requires high > level ports to be accessible on the server. I just started drinking > coffee this moring, so i can't remember which one yet. :)
Drink faster man! ;) Do these tests: 1) FTP active mode with firewall enabled 2) FTP active mode with firewall at allow all 3) FTP passive mode with firewall enabled If 2 & 3 succeed and 1 doesn't ... then it's your firewall. Other combinations indicate other problems which may be more complex. FTP active mode requires that the server can make a connection _back_ to the client. This fails over NAT boundries and many different firewall configs. Passive mode causes the client to make a _second_ connection to the server on a high, random port. This traverses NAT pretty well, but requires proper rules in the server's packet filter to allow the connections to succeed. I believe the man page on ftpd has more detail. The "random, high" ports that can be used is configurable. I believe these two sysctls control it: net.inet.ip.portrange.hifirst: 49152 net.inet.ip.portrange.hilast: 65535 > If i remember right, the default ftpd is influenced by hosts.allow and > hosts.deny too. > > On Thu, 1 Jul 2004 [EMAIL PROTECTED] wrote: > > > > > I am running FreeBSD 4.9 RELEASE running the standard ftpd. I can act as an > > ftp client from the console OK, however when I try to ftp from a client PC > > to the server running ftpd (which is running ipfw) the ftp server receives > > the packet sent to port 21 and replies however it will not initiate a DATA > > connection back to the client from port 20. I had my client configured to > > use ACTIVE FTP. I have also tried PASSIVE without any difference. I do not > > have a firewall on the client and can successfully FTP to another FreeBSD > > box. > > None of the rules on my firewall that deny packets coming back from the ftp > > servers ipfw firewall are being hit. Does anyone have any ideas? > > Regards, J.S > > _______________________________________________ > > [EMAIL PROTECTED] mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > > > _______________________________________________ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" -- Bill Moran Potential Technologies http://www.potentialtech.com _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"