> Does it work with ipfw disabled?  If so, then it seems reasonable that ipfw 
> is causing the problem.  One of the ftp modes (pasv or port) requires high 
> level ports to be accessible on the server.  I just started drinking 
> coffee this morning, so I can't remember which one yet. :)

Drink faster man! ;)

Do these tests:
1) FTP active mode with firewall enabled
2) FTP active mode with firewall at allow all
3) FTP passive mode with firewall enabled

If 2 & 3 succeed and 1 doesn't ... then it's your firewall.  Other
combinations indicate other problems which may be more complex.

FTP active mode requires that the server can make a connection _back_ to
the client.  This fails over NAT boundaries and many different firewall
configs.  Passive mode causes the client to make a _second_ connection to
the server on a high, random port.  This traverses NAT pretty well, but
requires proper rules in the server's packet filter to allow the connections
to succeed.  I believe the man page on ftpd has more detail.  The "random,
high" ports that can be used are configurable.  I believe these two sysctls
control it:
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535

> If I remember right, the default ftpd is influenced by hosts.allow and 
> hosts.deny too.
> On Thu, 1 Jul 2004 [EMAIL PROTECTED] wrote:
> >
> > I am running FreeBSD 4.9 RELEASE running the standard ftpd.  I can act as an
> > ftp client from the console OK, however when I try to ftp from a client PC
> > to the server running ftpd (which is running ipfw) the ftp server receives
> > the packet sent to port 21 and replies however it will not initiate a DATA
> > connection back to the client from port 20.  I had my client configured to
> > use ACTIVE FTP.  I have also tried PASSIVE without any difference.  I do not
> > have a firewall on the client and can successfully FTP to another FreeBSD
> > box.
> > None of the rules on my firewall that deny packets coming back from the ftp
> > server's ipfw firewall are being hit. Does anyone have any ideas?
> > Regards, J.S
> > _______________________________________________
> > [EMAIL PROTECTED] mailing list
> >
> > To unsubscribe, send any mail to "[EMAIL PROTECTED]"
> >

Bill Moran
Potential Technologies
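
Added example, not part of the original thread and not FreeBSD or ftpd code: a small Python helper that reads the PORT command or 227 (PASV) reply from the FTP control channel and reports which data connection the packet filters have to allow, then applies the three-test rule from the message above. The function names, the sample lines and the addresses (documentation ranges) are constructed for illustration; the port range is the pair of sysctl values quoted in the message.

```python
import re

# Defaults quoted in the post: net.inet.ip.portrange.hifirst / hilast.
HIFIRST, HILAST = 49152, 65535
_TUPLE = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def data_endpoint(line):
    """Return (ip, port) from a PORT command or a 227 (PASV) reply."""
    m = _TUPLE.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % line)
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        raise ValueError("field out of range in %r" % line)
    return ".".join(str(x) for x in n[:4]), n[4] * 256 + n[5]

def required_flow(line, server_ip, client_seen_ip):
    """Describe the data connection the packet filters must let through."""
    ip, port = data_endpoint(line)
    if line.upper().startswith("PORT"):
        # Active: server connects back from port 20 to what the client advertised.
        return {"mode": "active", "initiator": "server",
                "src": (server_ip, 20), "dst": (ip, port),
                # Advertised address differs from the one the server sees: NAT in the path.
                "nat_mismatch": ip != client_seen_ip}
    if line.startswith("227"):
        # Passive: client opens a second connection to the server's high port.
        return {"mode": "passive", "initiator": "client",
                "src": (client_seen_ip, None), "dst": (ip, port),
                "in_hi_range": HIFIRST <= port <= HILAST}
    raise ValueError("not a PORT command or 227 reply: %r" % line)

def diagnose(active_fw_on, active_fw_open, passive_fw_on):
    """Apply the post's three-test rule; arguments are True when that test succeeded."""
    if active_fw_open and passive_fw_on and not active_fw_on:
        return "firewall"
    return "other"

if __name__ == "__main__":
    # Constructed control-channel lines using documentation addresses.
    for line in ("PORT 192,168,1,10,195,80",
                 "227 Entering Passive Mode (203,0,113,5,192,1)"):
        print(required_flow(line, "203.0.113.5", "198.51.100.7"))
```

The control-channel lines can be captured on the client with the ftp client's debug output; a passive reply whose port falls outside the configured range, or an active PORT command advertising an address the server never sees, points at where the data connection is being dropped.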