I am working on a ipfw ruleset and I am having problems with ftp. The ruleset resides on the same server as the ftp server. Can someone provide me with a ruleset or partial ruleset that permits passive ftp to work properly.


If anyone out there is feeling really generous and would be willing to post or PM a full ruleset used for hosting, that would be even better....although I think I am about 95% there already....any ideas are helpful.

TIA

For passive to work you have to allow out most all connections originating inside. I know this isnt of much help ill get with a tech and see if I cant hunt you up a ruleset.

I use IPF on Freebsd but this is what I had to do to get it to work assuming you're using proftpd.

vi /usr/local/etc/proftpd.conf

Add the following lines anywhere within the <Global> section:

# Restrict the range of ports from which the server will select when sent the
# PASV command from a client. Use IANA-registered ephemeral port range of
# 49152-65534
PassivePorts 49152 65534


Then you allow the port range 49152 65534 in your firewall, like I said i'm not sure what the syntax would be on IPFW but this is what it is on ipf hopefully you should get the syntax for ipfw from someone here.

pass in quick proto tcp from any to any port 49151 >< 65535 flags S keep state

Hope this helps.

email me offlist, i can help you with ipfw if you need it..
nightwar@galaxywave.net