RE: IPFW and the FTP protokoll
From: Oliver Fehr (oliver.fehr@ofehr.com)
Date: 01/09/01
- Next message: Lyndon Nerenberg: "Re: What do these mean?"
- Previous message: Pär Thoren: "IPFW and the FTP protokoll"
- Maybe in reply to: Pär Thoren: "IPFW and the FTP protokoll"
Date: Tue, 9 Jan 2001 18:55:25 +0100
From: "Oliver Fehr" <oliver.fehr@ofehr.com>
To: Pär Thoren <t98pth@student.hk-r.se>, <freebsd-questions@freebsd.org>, <freebsd-security@freebsd.org>
this is because the remote server cannot initiate a connection to your
machine port 20 (which is ok).
you can use ftp -p to do what you want. this opens a passive ftp
connection without using port 20.
hope this helps
oliver
> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Pär Thoren
> Sent: Tuesday, January 09, 2001 5:53 PM
> To: freebsd-questions@freebsd.org; freebsd-security@freebsd.org
> Subject: IPFW and the FTP protokoll
>
>
> Hi!
>
>
> I have FreeBSD acting as a bridge with ipfw.
> Everything is working fine except the FTP protocol.
>
> I have the following two rules to allow ftp:
>
> # FTP-DATA.
> ${ipfw} add pass tcp from any to any 20 in via ${oif}
> # FTP.
> ${ipfw} add pass tcp from any to any 21 in via ${oif}
>
>
> To my knowledge ftp uses the ftp port (default 21) and
> ftpport -1 for data
> and the result for commands like 'ls'.
>
> The problem.
> I can log into a ftp server behind the firewall with no problem (port
> 21). But when I try to execute ls or another command it doesn't work.
> Nothing happens.
>
> I used the program tcpflow to monitor the tcpinfo when using
> ftp when the firewall was open for all traffic. The result was:
>
> (10.0.0.1 ftp client)
> (192.168.1.1 ftp server behind firewall)
>
> ---------
> 10.0.0.1.01034-192.168.1.1.00021
>
> USER admin
> PASS ftppass
> SYST
> EPSV
> LIST
>
>
> ---------
> 192.168.1.1.00021-10.0.0.1.01034
>
> 220 ftp.behind.firewall FTP server (Version 6.00LS) ready.
> 331 Password required for admin.
> 230 User admin logged in.
> 215 UNIX Type: L8 Version: BSD-199506
> 229 Entering Extended Passive Mode (|||49175|)
> 150 Opening ASCII mode data connection for '/bin/ls'.
> 226 Transfer complete.
>
>
>
> --------
> 192.168.1.1.49175-10.0.0.1.01035
>
> -rw------- 1 admin wheel 3889 Jan 9 17:21 .bash_history
> -rw-r--r-- 1 admin wheel 264 Aug 17 19:04 .bash_profile
> -rw-r--r-- 1 admin wheel 628 Oct 19 12:51 .cshrc
> -rw------- 1 admin wheel 1882 Oct 25 14:03 .history
> -rw-r--r-- 1 admin wheel 299 Oct 19 12:51 .login
> -rw-r--r-- 1 admin wheel 160 Oct 19 12:51 .login_conf
> -rw------- 1 admin wheel 371 Oct 19 12:51 .mail_aliases
>
>
> The connections over port 21 seem fine but the result of
> 'ls' isn't over
> port 20.
>
> Any ideas why?!
>
> /Pär
>
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
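
The tcpflow capture quoted in the message above records which server port carried the `ls` output. This added example, which is not code from either poster, parses the 227/229 replies on the control channel and lists the negotiated data ports that the two quoted rules (destination ports 20 and 21) do not pass. The function names are assumptions, and the check models the rules by destination port only, assuming everything else is denied.

```python
import re

# Destination ports passed by the two ipfw rules quoted in the post.
# Assumption: the rest of the ruleset denies anything these do not match.
RULE_DST_PORTS = {20, 21}

# Server replies on the control connection, copied from the tcpflow capture in the post.
CAPTURED_REPLIES = """\
220 ftp.behind.firewall FTP server (Version 6.00LS) ready.
331 Password required for admin.
230 User admin logged in.
215 UNIX Type: L8 Version: BSD-199506
229 Entering Extended Passive Mode (|||49175|)
150 Opening ASCII mode data connection for '/bin/ls'.
226 Transfer complete.
"""

_EPSV = re.compile(r"^229 .*\(\|\|\|(\d{1,5})\|\)")                 # RFC 2428 reply
_PASV = re.compile(r"^227 .*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")  # RFC 959 reply


def passive_data_port(reply_line):
    """Return the server port announced by a 227/229 reply, or None."""
    m = _EPSV.match(reply_line)
    if m:
        port = int(m.group(1))
    else:
        m = _PASV.match(reply_line)
        if not m:
            return None
        p1, p2 = int(m.group(5)), int(m.group(6))
        if p1 > 255 or p2 > 255:
            return None
        port = p1 * 256 + p2  # 227 encodes the port as two bytes
    return port if 0 < port < 65536 else None


def unmatched_data_ports(control_text, rule_ports=RULE_DST_PORTS):
    """Data ports negotiated on the control channel that no rule passes."""
    ports = (passive_data_port(line) for line in control_text.splitlines())
    return [p for p in ports if p is not None and p not in rule_ports]


if __name__ == "__main__":
    for port in unmatched_data_ports(CAPTURED_REPLIES):
        print(f"data connection to server port {port}: no matching pass rule")
```
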