Re: FTP server will not initiate DATA connection back to client
I would look into the proftpd port. More information regarding proftp can be found at http://www.proftpd.org. I've found this to be a stable and security feature rich ftp server.

Scott.

On Wed, 15 Sep 2004 19:12:05 -0600, RYAN vAN GINNEKEN <[EMAIL PROTECTED]> wrote:
> I am trying to set up anon ftp on my bsd box and followed the directions
> laid out on this web page
> http://www.freebsddiary.org/ftp-anonymous.php but to no avail. The anon
> user should be able to browse the directories and upload files to
> incoming but not be able to download or erase files from the incoming
> directory. My problem is that the anon user can download files from the
> incoming directory and I have already had script kiddies up and down
> loading files. Can someone please help?
Re: FTP server will not initiate DATA connection back to client
I am trying to set up anon ftp on my bsd box and followed the directions laid out on this web page http://www.freebsddiary.org/ftp-anonymous.php but to no avail. The anon user should be able to browse the directories and upload files to incoming but not be able to download or erase files from the incoming directory. My problem is that the anon user can download files from the incoming directory and I have already had script kiddies up and down loading files. Can someone please help?
Re: FTP server will not initiate DATA connection back to client
User LAFFER1 <[EMAIL PROTECTED]> wrote:
> Does it work with ipfw disabled? If so, then it seems reasonable that ipfw
> is causing the problem. One of the ftp modes (pasv or port) requires high
> level ports to be accessible on the server. I just started drinking
> coffee this morning, so I can't remember which one yet. :)

Drink faster man! ;)

Do these tests:
1) FTP active mode with firewall enabled
2) FTP active mode with firewall at allow all
3) FTP passive mode with firewall enabled

If 2 & 3 succeed and 1 doesn't ... then it's your firewall. Other combinations indicate other problems which may be more complex.

FTP active mode requires that the server can make a connection _back_ to the client. This fails over NAT boundaries and many different firewall configs.

Passive mode causes the client to make a _second_ connection to the server on a high, random port. This traverses NAT pretty well, but requires proper rules in the server's packet filter to allow the connections to succeed.

I believe the man page on ftpd has more detail. The "random, high" ports that can be used are configurable. I believe these two sysctls control it:

net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535

> If I remember right, the default ftpd is influenced by hosts.allow and
> hosts.deny too.
>
> On Thu, 1 Jul 2004 [EMAIL PROTECTED] wrote:
>
> > I am running FreeBSD 4.9 RELEASE running the standard ftpd. I can act as an
> > ftp client from the console OK, however when I try to ftp from a client PC
> > to the server running ftpd (which is running ipfw) the ftp server receives
> > the packet sent to port 21 and replies however it will not initiate a DATA
> > connection back to the client from port 20. I had my client configured to
> > use ACTIVE FTP. I have also tried PASSIVE without any difference. I do not
> > have a firewall on the client and can successfully FTP to another FreeBSD
> > box.
> > None of the rules on my firewall that deny packets coming back from the ftp
> > server's ipfw firewall are being hit. Does anyone have any ideas?
> > Regards, J.S

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
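Added example, not part of the original thread: a small Python helper that reads the control-channel line that sets up the data connection (the client's PORT command in active mode, the server's 227 reply in passive mode) and reports who opens the data connection and to which address and port, which is what the packet filter on each side has to allow. The function names and the sample addresses are constructed for illustration; the high port range is the default quoted in the message above.

```python
import re

# Default FreeBSD high port range quoted in the message above
# (net.inet.ip.portrange.hifirst / hilast).
HIFIRST, HILAST = 49152, 65535

_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_endpoint(line):
    """Extract (ip, port) from a 'PORT h1,h2,h3,h4,p1,p2' command or a
    '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' reply."""
    m = _TUPLE.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % line)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % line)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_connection(line, server_ip, client_ip):
    """Describe the data connection the control-channel line implies,
    i.e. what a packet filter on each side has to allow."""
    ip, port = parse_endpoint(line)
    if line.upper().startswith("PORT"):
        # Active mode: the server connects back to the client from port 20.
        # A private address here while the server sees a public peer means
        # NAT sits in between and the connect-back will not arrive.
        return {"mode": "active", "initiator": "server",
                "src": (server_ip, 20), "dst": (ip, port),
                "addr_matches_peer": ip == client_ip}
    if line.startswith("227"):
        # Passive mode: the client opens a second connection to a high
        # port on the server, so the server's filter must allow it inbound.
        return {"mode": "passive", "initiator": "client",
                "src": (client_ip, None), "dst": (ip, port),
                "addr_matches_peer": ip == server_ip,
                "in_high_range": HIFIRST <= port <= HILAST}
    raise ValueError("not a PORT command or 227 reply: %r" % line)

if __name__ == "__main__":
    # Constructed control-channel lines using documentation addresses.
    server, client = "192.0.2.10", "198.51.100.7"
    for line in ("PORT 10,0,0,5,195,80",  # client advertises a private address
                 "227 Entering Passive Mode (192,0,2,10,192,1)"):
        print(data_connection(line, server, client))
```

The lines to feed it can be seen by turning on debugging in the command-line ftp client, which echoes the PORT command and the 227 reply.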
Re: FTP server will not initiate DATA connection back to client
On Thursday 01 July 2004 07:45 am, [EMAIL PROTECTED] wrote:
> I am running FreeBSD 4.9 RELEASE running the standard ftpd. I can
> act as an ftp client from the console OK, however when I try to ftp
> from a client PC to the server running ftpd (which is running ipfw)
> the ftp server receives the packet sent to port 21 and replies
> however it will not initiate a DATA connection back to the client
> from port 20. I had my client configured to use ACTIVE FTP. I have
> also tried PASSIVE without any difference. I do not have a firewall
> on the client and can successfully FTP to another FreeBSD box.
> None of the rules on my firewall that deny packets coming back from
> the ftp server's ipfw firewall are being hit. Does anyone have any
> ideas? Regards, J.S

In /etc/services, I see the following lines related to ftp:

ftp-data 20/tcp   #File Transfer [Default Data]
ftp-data 20/udp   #File Transfer [Default Data]
ftp      21/tcp   #File Transfer [Control]
ftp      21/udp   #File Transfer [Control]

Are all of these ports open in the firewall? Sending and receiving? (I don't know if all of the ports are needed or not.)

Best of luck,

Andrew Gould
Re: FTP server will not initiate DATA connection back to client
Does it work with ipfw disabled? If so, then it seems reasonable that ipfw is causing the problem. One of the ftp modes (pasv or port) requires high level ports to be accessible on the server. I just started drinking coffee this morning, so I can't remember which one yet. :)

If I remember right, the default ftpd is influenced by hosts.allow and hosts.deny too.

On Thu, 1 Jul 2004 [EMAIL PROTECTED] wrote:
> I am running FreeBSD 4.9 RELEASE running the standard ftpd. I can act as an
> ftp client from the console OK, however when I try to ftp from a client PC
> to the server running ftpd (which is running ipfw) the ftp server receives
> the packet sent to port 21 and replies however it will not initiate a DATA
> connection back to the client from port 20. I had my client configured to
> use ACTIVE FTP. I have also tried PASSIVE without any difference. I do not
> have a firewall on the client and can successfully FTP to another FreeBSD
> box.
> None of the rules on my firewall that deny packets coming back from the ftp
> server's ipfw firewall are being hit. Does anyone have any ideas?
> Regards, J.S
FTP server will not initiate DATA connection back to client
I am running FreeBSD 4.9 RELEASE running the standard ftpd. I can act as an ftp client from the console OK, however when I try to ftp from a client PC to the server running ftpd (which is running ipfw) the ftp server receives the packet sent to port 21 and replies however it will not initiate a DATA connection back to the client from port 20. I had my client configured to use ACTIVE FTP. I have also tried PASSIVE without any difference. I do not have a firewall on the client and can successfully FTP to another FreeBSD box.

None of the rules on my firewall that deny packets coming back from the ftp server's ipfw firewall are being hit. Does anyone have any ideas?

Regards, J.S