  1. #1

    ipfw freebsd and ftp

    I am working on an ipfw ruleset and I am having problems with ftp. The ruleset resides on the same server as the ftp server. Can someone provide me with a ruleset or partial ruleset that permits passive ftp to work properly?

    If anyone out there is feeling really generous and would be willing to post or PM a full ruleset used for hosting, that would be even better....although I think I am about 95% there already....any ideas are helpful.

    *AlphaOmegaHosting.Com* - Hosting since 1998
    Managed Dedicated Servers and VPS
    Hosted Exchange 2010 Email Service

  2. #2
    Join Date
    Jun 2000
    Wichita, Ks, USA
    For passive to work you have to allow out most all connections originating inside. I know this isn't of much help; I'll get with a tech and see if I can't hunt you up a ruleset.
    Carrier grade colocation at an affordable price!
    Charles Baker - Company Operations

  3. #3
    Join Date
    Jan 2002
    Dallas, TX
    I use IPF on FreeBSD, but this is what I had to do to get it to work, assuming you're using proftpd.

    vi /usr/local/etc/proftpd.conf

    Add the following lines anywhere within the <Global> section:

    # Restrict the range of ports from which the server will select when sent the
    # PASV command from a client. Use IANA-registered ephemeral port range of
    # 49152-65534
    PassivePorts 49152 65534

    Then you allow the port range 49152 65534 in your firewall. Like I said, I'm not sure what the syntax would be on IPFW, but this is what it is on ipf; hopefully you should get the syntax for ipfw from someone here.

    pass in quick proto tcp from any to any port 49151 >< 65535 flags S keep state

    Hope this helps.
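
An ipfw counterpart to the ipf rule in the post above, as an added example that is not part of the original thread: it reads the PassivePorts range from a proftpd.conf fragment and emits matching stateful ipfw rules. The function names, rule numbers 1000-1200 and the sample config are assumptions made for illustration; `to me` assumes the FTP server runs on the firewall host, as the original poster describes.

```shell
#!/bin/sh
# Added example: derive ipfw rules for passive FTP from proftpd's PassivePorts.
# Rule numbers 1000-1200 are placeholders; fit them into your own ruleset.

# Constructed sample of the proftpd.conf fragment quoted in the thread.
SAMPLE_CONF='<Global>
# a commented-out PassivePorts 1 2 line must be ignored
  PassivePorts 49152 65534
</Global>'

# Print "MIN MAX" from the first uncommented PassivePorts directive on stdin.
# Exits non-zero when no directive is present.
passive_range() {
    awk '$1 == "PassivePorts" && NF >= 3 { print $2, $3; found = 1; exit }
         END { if (!found) exit 1 }'
}

# Emit ipfw commands for an FTP server on the firewall host itself.
# ipfw port ranges are inclusive (49152-65534), whereas the ipf form
# "49151 >< 65535" excludes both endpoints; both cover the same ports.
ftp_rules() {
    min=$1; max=$2
    for p in "$min" "$max"; do
        case "$p" in
            ''|*[!0-9]*) echo "ports must be numeric" >&2; return 1 ;;
        esac
    done
    if [ "$min" -lt 1024 ] || [ "$max" -gt 65535 ] || [ "$min" -gt "$max" ]; then
        echo "invalid passive range: $min-$max" >&2
        return 1
    fi
    # Match packets belonging to connections already admitted below.
    echo "ipfw add 1000 check-state"
    # FTP control channel.
    echo "ipfw add 1100 allow tcp from any to me 21 in setup keep-state"
    # Passive data channel: only the range proftpd is configured to use.
    echo "ipfw add 1200 allow tcp from any to me ${min}-${max} in setup keep-state"
}

# Print the rules for the sample config; review them before loading.
range=$(printf '%s\n' "$SAMPLE_CONF" | passive_range) && ftp_rules $range
```

Generating the firewall range from the same file proftpd reads keeps the two from drifting apart, so the firewall never exposes more ports than the server will actually hand out.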

  4. #4
    Join Date
    Dec 2003
    Mentor, Ohio
