I'm trying to get FTP going through the IPFW firewall. I can connect, but I can't get a file listing in my client programs (such as Fetch or Dreamweaver), which I understand as being handled by port 20. I know it is a firewall issue, as if I stop the firewall or come in through VPN the clients work just fine. I guess with the ability to access securely through a VPN I should be happy, but I am really trying to learn and understand IPFW.
The logs show nothing except a successful connect.
My ipfw rules are:
Code:
#KS="keep-state"
IPF="ipfw -q add"
ipfw -q -f flush
#loopback
$IPF 10 allow all from any to any via lo0
#$IPF 11 allow all from any to any via re0
#$IPF 12 allow all from any to any via re0_alias
# Allow OPENVPN access
$IPF 15 allow all from any to any via tap0
$IPF 20 allow all from any to 127.0.0.0/8
$IPF 30 allow all from 127.0.0.0/8 to any
$IPF 35 allow all from any to 10.8.0.0/24 keep-state
$IPF 37 allow all from 10.8.0.0/24 to any keep-state
$IPF 40 deny tcp from any to any frag
$IPF 41 deny all from 221.192.199.49 to any
# statefull
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any
# open port ftp (20,21), ssh (22), mail (25)
# http (80), dns (53) etc
#$IPF 100 pass log tcp from any 20 to any 1024-65535 setup
$IPF 100 allow log tcp from any to any 20 in
$IPF 105 allow log tcp from any to any 20 out
$IPF 110 allow log tcp from any to any 21 in
$IPF 120 allow log tcp from any to any 21 out
$IPF 130 allow tcp from any to any 22 in
$IPF 140 allow tcp from any to any 22 out
$IPF 150 allow tcp from any to any 25 in
$IPF 160 allow tcp from any to any 25 out
$IPF 170 allow udp from any to any 53 in
$IPF 175 allow tcp from any to any 53 in
$IPF 180 allow udp from any to any 53 out
$IPF 185 allow tcp from any to any 53 out
$IPF 190 allow tcp from any to any 80 in
$IPF 192 allow tcp from any to any 8010 in
$IPF 193 allow tcp from any to any 8010 out
$IPF 195 allow tcp from any to any 80 out
#netbios
$IPF 196 allow tcp from any to any 81 in
$IPF 197 allow tcp from any to any 81 out
$IPF 198 allow udp from any to any 81 in
$IPF 199 allow udp from any to any 81 out
$IPF 209 allow tcp from any to any 110 in
$IPF 210 allow tcp from any to any 110 out
$IPF 211 allow udp from any to any 137 in
$IPF 212 allow tcp from any to any 137 in
$IPF 213 allow udp from any to any 137 out
$IPF 214 allow tcp from any to any 137 out
$IPF 215 allow udp from any to any 138 in
$IPF 216 allow tcp from any to any 138 in
$IPF 217 allow udp from any to any 138 out
$IPF 218 allow tcp from any to any 138 out
$IPF 223 allow udp from any to any 139 in
$IPF 224 allow udp from any to any 139 out
$IPF 225 allow tcp from any to any 139 in
$IPF 226 allow tcp from any to any 139 out
$IPF 227 allow tcp from any to any 445 in
$IPF 228 allow tcp from any to any 445 out
$IPF 229 allow udp from any to any 445 in
$IPF 230 allow udp from any to any 445 out
$IPF 231 allow tcp from any to any 993 in
$IPF 232 allow tcp from any to any 993 out
$IPF 233 allow tcp from any to any 995 in
$IPF 234 allow tcp from any to any 995 out
$IPF 235 allow all from any to any dst-port 1194 setup
$IPF 240 allow udp from any to me dst-port 1194
$IPF 245 allow tcp from any to any 2500 in
$IPF 250 allow tcp from any to any 2500 out
$IPF 251 allow tcp from any to any 3128 in
$IPF 252 allow tcp from any to any 3218 out
$IPF 253 allow tcp from any to any 3306 in keep-state
$IPF 254 allow tcp from any to any 3306 out keep-state
$IPF 255 allow tcp from any to any 9000 in
$IPF 255 allow tcp from any to any 9000 out
# deny and log everything
$IPF 500 deny log all from any to any
ipfw show indicates:
Code:
00010 2300 12269634 allow ip from any to any via lo0
00015 546 89731 allow ip from any to any via tap0
00020 0 0 allow ip from any to 127.0.0.0/8
00030 0 0 allow ip from 127.0.0.0/8 to any
00035 0 0 allow ip from any to 10.8.0.0/24 keep-state
00037 0 0 allow ip from 10.8.0.0/24 to any keep-state
00040 0 0 deny tcp from any to any frag
00041 0 0 deny ip from 221.192.199.49 to any
00050 0 0 check-state
00060 38208 28951691 allow tcp from any to any established
00070 2806 361654 allow ip from any to any out keep-state
00080 160 13297 allow icmp from any to any
00100 0 0 allow log tcp from any to any dst-port 20 in
00105 0 0 allow log tcp from any to any dst-port 20 out
00110 2 128 allow log tcp from any to any dst-port 21 in
00120 0 0 allow log tcp from any to any dst-port 21 out
00130 17 1012 allow tcp from any to any dst-port 22 in
00140 0 0 allow tcp from any to any dst-port 22 out
00150 51 2568 allow tcp from any to any dst-port 25 in
00160 0 0 allow tcp from any to any dst-port 25 out
00170 127 9194 allow udp from any to any dst-port 53 in
00175 0 0 allow tcp from any to any dst-port 53 in
00180 0 0 allow udp from any to any dst-port 53 out
00185 0 0 allow tcp from any to any dst-port 53 out
00190 69 3732 allow tcp from any to any dst-port 80 in
00192 0 0 allow tcp from any to any dst-port 8010 in
00193 0 0 allow tcp from any to any dst-port 8010 out
00195 0 0 allow tcp from any to any dst-port 80 out
00196 0 0 allow tcp from any to any dst-port 81 in
00197 0 0 allow tcp from any to any dst-port 81 out
00198 0 0 allow udp from any to any dst-port 81 in
00199 0 0 allow udp from any to any dst-port 81 out
00209 20 1280 allow tcp from any to any dst-port 110 in
00210 0 0 allow tcp from any to any dst-port 110 out
00211 13611 1062450 allow udp from any to any dst-port 137 in
00212 0 0 allow tcp from any to any dst-port 137 in
00213 0 0 allow udp from any to any dst-port 137 out
00214 0 0 allow tcp from any to any dst-port 137 out
00215 1833 397417 allow udp from any to any dst-port 138 in
00216 0 0 allow tcp from any to any dst-port 138 in
00217 0 0 allow udp from any to any dst-port 138 out
00218 0 0 allow tcp from any to any dst-port 138 out
00223 0 0 allow udp from any to any dst-port 139 in
00224 0 0 allow udp from any to any dst-port 139 out
00225 0 0 allow tcp from any to any dst-port 139 in
00226 0 0 allow tcp from any to any dst-port 139 out
00227 0 0 allow tcp from any to any dst-port 445 in
00228 0 0 allow tcp from any to any dst-port 445 out
00229 0 0 allow udp from any to any dst-port 445 in
00230 0 0 allow udp from any to any dst-port 445 out
00231 6 360 allow tcp from any to any dst-port 993 in
00232 0 0 allow tcp from any to any dst-port 993 out
00233 98 6272 allow tcp from any to any dst-port 995 in
00234 0 0 allow tcp from any to any dst-port 995 out
00235 0 0 allow ip from any to any dst-port 1194 setup
00240 14 1134 allow udp from any to me dst-port 1194
00245 48 2192 allow tcp from any to any dst-port 2500 in
00250 0 0 allow tcp from any to any dst-port 2500 out
00251 0 0 allow tcp from any to any dst-port 3128 in
00252 0 0 allow tcp from any to any dst-port 3218 out
00253 0 0 allow tcp from any to any dst-port 3306 in keep-state
00254 0 0 allow tcp from any to any dst-port 3306 out keep-state
00255 22 1408 allow tcp from any to any dst-port 9000 in
00255 0 0 allow tcp from any to any dst-port 9000 out
00500 8659 1407367 deny log ip from any to any
65535 1 84 deny ip from any to any
Any insights would be appreciated.
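
An added example, not part of the original post: a simplified first-match model of the FTP-relevant lines from the `ipfw show` output above, showing which rule a new control, passive-mode data and active-mode data connection would hit. It assumes the ipfw host is the FTP server; the packets and ephemeral port numbers are constructed, and addresses, interfaces and dynamic state are not modelled.

```python
# Lines copied from the `ipfw show` output in the post (subset relevant to FTP).
SHOW = """\
00050 0 0 check-state
00060 38208 28951691 allow tcp from any to any established
00070 2806 361654 allow ip from any to any out keep-state
00100 0 0 allow log tcp from any to any dst-port 20 in
00105 0 0 allow log tcp from any to any dst-port 20 out
00110 2 128 allow log tcp from any to any dst-port 21 in
00120 0 0 allow log tcp from any to any dst-port 21 out
00500 8659 1407367 deny log ip from any to any
"""

def parse(line):
    """Turn one `ipfw show` line into (number, action, proto, options)."""
    tok = [t for t in line.split() if t != "log"]
    num, action, rest = int(tok[0]), tok[3], tok[4:]
    if action == "check-state":
        return num, action, None, {}
    proto, extra, opts = rest[0], rest[5:], {}   # rest[1:5] is "from any to any"
    for i, t in enumerate(extra):
        if t == "dst-port":
            opts["dport"] = int(extra[i + 1])
        elif not t.isdigit():
            opts[t] = True                       # in, out, established, keep-state
    return num, action, proto, opts

def first_match(pkt, rules):
    """Return (rule number, action) of the first rule matching a new-connection SYN."""
    for num, action, proto, o in rules:
        if action == "check-state":       # no dynamic state exists yet for a new SYN
            continue
        if proto not in ("ip", pkt["proto"]):
            continue
        if o.get("established"):          # needs ACK or RST; a bare SYN has neither
            continue
        if "dport" in o and o["dport"] != pkt["dport"]:
            continue
        if (o.get("in") and pkt["dir"] != "in") or (o.get("out") and pkt["dir"] != "out"):
            continue
        return num, action
    return 65535, "deny"                  # default rule shown in the post

RULES = [parse(l) for l in SHOW.splitlines()]
# Constructed packets; 40000-40002 and 50000 are arbitrary ephemeral ports.
CONTROL = {"proto": "tcp", "dir": "in", "sport": 40000, "dport": 21}
PASSIVE_DATA = {"proto": "tcp", "dir": "in", "sport": 40001, "dport": 50000}
ACTIVE_DATA = {"proto": "tcp", "dir": "out", "sport": 20, "dport": 40002}
for name, pkt in [("control", CONTROL), ("passive", PASSIVE_DATA), ("active", ACTIVE_DATA)]:
    print(name, first_match(pkt, RULES))
```

In this model the `dst-port 20` rules are never reached, because port 20 is only the source port of an active-mode data connection; that is consistent with the zero counters on rules 100 and 105. The passive-mode data connection arrives inbound on a server-chosen high port and falls through to rule 500.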