Guys, please help me with my problem in IPFW rules. When I access the external FTP server I get this error: "Failed to retrieve directory listing".

Below are my rc.conf configuration, my IPFW rules, the result of ipfw -a l, and the rule I tried from http://forums.freebsd.org/showthread.php?t=20826, which doesn't solve the problem. Hoping for your help.

Here is my rc.conf configuration:
Code:
natd_enable="YES"
natd_interface="age0"
natd_flags="-dynamic -m"
firewall_enable="YES"
firewall_type="CLOSE"
firewall_script="/etc/ipfw.rules"
firewall_logging="YES"
IPFW Rules:
Code:
fwcmd="ipfw -q add"
ext_if="age0"
ext_ip="192.168.9.63"
ext_nt="192.168.9.0/26"
int_if="rl0"
int_nt="192.168.10.0/24"
int_ip="192.168.10.1"
dns_ip="192.168.10.225"
ispnet1="0.0.112.0/24"
ispnet2="0.0.157.0/24"
ftp_ip="74.0.20.16"
# LOOPBACK ADDRESS
${fwcmd} 00051 allow all from any to any via lo0
${fwcmd} 00052 deny ip from any to 127.0.0.0/8
${fwcmd} 00053 deny ip from 127.0.0.0/8 to any
# FTP SERVER AND ISP NETWORKS VIA THE INTERNAL INTERFACE
${fwcmd} 00101 allow ip from ${ftp_ip} to any via ${int_if}
${fwcmd} 00102 allow ip from ${ispnet1} to any via ${int_if}
${fwcmd} 00103 allow ip from ${ispnet2} to any via ${int_if}
# SECURE SHELL
${fwcmd} 00104 allow all from any to any 22 in via ${int_if}
# HTTP and HTTPS SERVICES
${fwcmd} 00105 allow tcp from any to any 80,8080,443 in via ${int_if} setup
${fwcmd} 00106 allow tcp from any to any 2082 in via ${int_if} setup
# FTP SERVICE
${fwcmd} 00108 allow tcp from any to any 21 in via ${int_if} setup
# NATD RULES
${fwcmd} 00211 divert natd ip4 from any to any via ${ext_if}
# STATEFULL
${fwcmd} 00232 allow tcp from any to any established
${fwcmd} 00233 allow all from any to any out keep-state
${fwcmd} 00234 allow ip from any to any frag
# DNS SERVICES
${fwcmd} 00241 allow tcp from any to me 53
${fwcmd} 00242 allow udp from any to me 53
${fwcmd} 00243 allow udp from me 53 to any
${fwcmd} 00244 allow udp from me to any 53 keep-state
${fwcmd} 65000 deny ip from any to any
The result of ipfw -a l:
Code:
ipfw: DEPRECATED: 'l' matched 'list' as a sub-string
00051 0 0 allow ip from any to any via lo0
00052 0 0 deny ip from any to 127.0.0.0/8
00053 0 0 deny ip from 127.0.0.0/8 to any
00101 0 0 allow ip from 74.220.207.106 to any via rl0
00102 0 0 allow ip from 121.97.112.0/24 to any via rl0
00103 0 0 allow ip from 124.6.157.0/24 to any via rl0
00104 22 1672 allow ip from any to any dst-port 22 in via rl0
00105 0 0 allow tcp from any to any dst-port 80,8080,443 in via rl0 setup
00106 0 0 allow tcp from any to any dst-port 2082 in via rl0 setup
00108 1 48 allow tcp from any to any dst-port 21 in via rl0 setup
00211 186 46388 divert 8668 ip4 from any to any via age0
00232 193 56777 allow tcp from any to any established
00233 26 1264 allow ip from any to any out keep-state
00234 0 0 allow ip from any to any frag
00241 0 0 allow tcp from any to me dst-port 53
00242 0 0 allow udp from any to me dst-port 53
00243 0 0 allow udp from me 53 to any
00244 0 0 allow udp from me to any dst-port 53 keep-state
65000 206 36533 deny ip from any to any
65535 11312624 8393891907 allow ip from any to any
The rule I tried, which doesn't solve the problem:
Code:
ipfw -q add allow tcp from any to me 21 in setup keep-state
ipfw -q add allow tcp from me 20,21 to any out keep-state
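As an added illustration, not part of the original post or of the linked thread: a small Python walker over the static rules from the ipfw -a l listing above, reporting which rule a given packet hits first. It models only the keywords those rules use and ignores the NAT divert and keep-state dynamic entries; the LAN client address 192.168.10.50 and the passive data port 50000 are constructed sample values.

```python
"""Walk a simplified ipfw ruleset and return the first static rule that
matches a packet.  Added example: only proto, from/to, dst-port, in/out,
via, setup and established are modelled; divert and keep-state are ignored."""
import ipaddress

# Constructed from the 'ipfw -a l' listing in the post (counters removed; the
# lo0, 127/8, divert, frag and DNS rules are left out as irrelevant to FTP).
RULESET = """
00101 allow ip from 74.220.207.106 to any via rl0
00102 allow ip from 121.97.112.0/24 to any via rl0
00103 allow ip from 124.6.157.0/24 to any via rl0
00104 allow ip from any to any dst-port 22 in via rl0
00105 allow tcp from any to any dst-port 80,8080,443 in via rl0 setup
00106 allow tcp from any to any dst-port 2082 in via rl0 setup
00108 allow tcp from any to any dst-port 21 in via rl0 setup
00232 allow tcp from any to any established
00233 allow ip from any to any out keep-state
65000 deny ip from any to any
""".split("\n")
ME = {"192.168.9.63", "192.168.10.1"}   # the gateway's own addresses (from the post)

def parse(line):
    t = line.split()
    r = {"num": int(t[0]), "action": t[1], "proto": t[2], "src": t[4]}
    i = 6 if t[5] == "to" else 7            # an optional source port may precede 'to'
    r["dst"] = t[i]; i += 1
    r["dport"] = set(map(int, t[i + 1].split(","))) if t[i:i + 1] == ["dst-port"] else None
    o = t[i:]                                # remaining options after the addresses
    r["dir"] = "in" if "in" in o else "out" if "out" in o else None
    r["via"] = o[o.index("via") + 1] if "via" in o else None
    r["setup"], r["est"] = "setup" in o, "established" in o
    return r

def addr_ok(spec, ip):
    if spec in ("any", "me"):
        return spec == "any" or ip in ME
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def first_match(proto, src, dst, dport, direction, iface, syn):
    """syn=True models a bare SYN: it satisfies 'setup' but never 'established'."""
    for r in (parse(l) for l in RULESET if l.strip()):
        if r["proto"] not in ("ip", "all", proto): continue
        if not (addr_ok(r["src"], src) and addr_ok(r["dst"], dst)): continue
        if r["dport"] and dport not in r["dport"]: continue
        if r["dir"] and r["dir"] != direction: continue
        if r["via"] and r["via"] != iface: continue
        if r["setup"] and not syn or r["est"] and syn: continue
        return r["num"], r["action"]
    return 65535, "allow"                    # the default rule shown in the listing

if __name__ == "__main__":
    # Constructed: LAN client 192.168.10.50 talking to the FTP server 74.220.207.106.
    print(first_match("tcp", "192.168.10.50", "74.220.207.106", 21, "in", "rl0", True))     # (108, 'allow')
    print(first_match("tcp", "192.168.10.50", "74.220.207.106", 50000, "in", "rl0", True))  # (65000, 'deny')
```

The control connection to port 21 is accepted by rule 00108, while the client's passive-mode data connection to a high port arriving in via rl0 matches nothing before the final deny, which is consistent with a directory listing failing after login.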