IPFW and FTP

Hi

I have a VPS running a fairly simple configuration: web, SSH and FTP access. SSH and HTTP access are fine; I am just having a lot of trouble with FTP. It will connect, but the connection fails when requesting a list of files. From what I read about the FTP protocol it appears to be the second connection that is failing, which is outbound TCP from source port 20 to a random destination port. Rule 400 should allow this, shouldn't it?

I know the firewall is working, as SSH and HTTP did not work until I added the rules. Also, before enabling the firewall I had the server totally open, at which time FTP worked fine.

Here is my current IPFW configuration script.

Code:
#!/bin/sh

# Flush the existing ruleset before loading this one.
ipfw -q flush

cmd="ipfw -q add"

# Inbound SSH and HTTP: only the connection-opening packet (setup) matches,
# and keep-state creates a dynamic rule for the rest of the session.
$cmd 00100 allow tcp from any to me 22 in setup keep-state
$cmd 00200 allow tcp from any to me 80 in setup keep-state
# Inbound FTP control connection (no "setup", so any inbound TCP to port 21 matches).
$cmd 00300 allow tcp from any to me 21 in keep-state
# All outbound TCP and UDP from the server, with state kept for the replies.
$cmd 00400 allow tcp from any to any out keep-state
$cmd 00500 allow udp from any to any out keep-state


and what I have in /etc/rc.conf regarding firewall:
Code:
firewall_enable="YES"
firewall_script="/usr/local/etc/ipfw.config"

Running 8.2-RELEASE with the GENERIC kernel.

The other thing I might add is that I use FTP for ease of remote development. Notepad++ has a built-in FTP add-on which works quite well.
 
carlhako said:
I have a VPS running a fairly simple configuration: web, SSH and FTP access. SSH and HTTP access are fine; I am just having a lot of trouble with FTP. It will connect, but the connection fails when requesting a list of files.
There's a difference between active and passive FTP, i.e. which side opens the data connection. Problems arise when both the server and the client are firewalled.

http://slacksite.com/other/ftp.html
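To make concrete which side opens the data connection, here is an added example in Python (written for this page, not code from the thread or from ipfw) that models first-match evaluation of the ruleset posted above and parses an FTP PASV reply. The passive data-port range 50000-50100, rule number 350, the client port 33000 and the sample 227 reply are assumptions. It shows that in passive mode the data connection arrives inbound at the server on a port announced in the PASV reply, which the posted rules never allow, while in active mode it is the server's outbound connection from port 20 that rule 400 covers.

```python
import re

# Added example, not from the thread. Simplified model of ipfw rule matching:
# the first matching rule wins, and the kernel's default rule 65535 denies
# everything not matched (the behaviour the original poster saw for SSH and
# HTTP before adding rules). Only the packet that opens a TCP connection (the
# SYN) is modelled; the dynamic rules that keep-state creates for the rest of
# the session are out of scope here.

# Rule = (number, action, proto, direction, dst_port_spec, setup_only)
# dst_port_spec: None (any port), an int, or an inclusive (low, high) tuple.
ORIGINAL_RULES = [
    (100, "allow", "tcp", "in", 22, True),
    (200, "allow", "tcp", "in", 80, True),
    (300, "allow", "tcp", "in", 21, False),
    (400, "allow", "tcp", "out", None, False),
    (500, "allow", "udp", "out", None, False),
]

# Hypothetical passive data-port range. The FTP server must be configured to
# hand out only ports from this range in its PASV replies; the range itself
# and rule number 350 are assumptions for this example.
PASV_RANGE = (50000, 50100)
FIXED_RULES = sorted(ORIGINAL_RULES + [
    (350, "allow", "tcp", "in", PASV_RANGE, True),
])


def port_matches(spec, port):
    """True if the rule's destination-port spec covers this port."""
    if spec is None:
        return True
    if isinstance(spec, tuple):
        return spec[0] <= port <= spec[1]
    return spec == port


def first_match(rules, proto, direction, dst_port, syn=True):
    """Return (rule_number, action) for the first rule matching the packet."""
    for num, action, r_proto, r_dir, r_port, setup_only in rules:
        if r_proto != proto or r_dir != direction:
            continue
        if not port_matches(r_port, dst_port):
            continue
        if setup_only and not syn:
            continue
        return num, action
    return 65535, "deny"  # ipfw's built-in default rule


# A PASV reply from the server: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)".
# The client then opens the data connection TO the server at h1.h2.h3.h4,
# port p1*256 + p2, so on the server it is an INBOUND connection.
PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Extract (host, port) the client must connect to from a 227 reply."""
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    host = ".".join(m.group(i) for i in range(1, 5))
    port = int(m.group(5)) * 256 + int(m.group(6))
    return host, port


def data_connection_verdict(rules, mode, pasv_reply=None, client_port=None):
    """Where the data connection's opening SYN lands in the server's ruleset.

    passive: the client connects in to the port announced in the PASV reply.
    active:  the server connects out from port 20 to the client's port.
    """
    if mode == "passive":
        _, server_port = parse_pasv(pasv_reply)
        return first_match(rules, "tcp", "in", server_port)
    if mode == "active":
        return first_match(rules, "tcp", "out", client_port)
    raise ValueError(mode)


# Constructed sample reply (203.0.113.10 is a documentation address);
# p1=195, p2=80 gives port 195*256 + 80 = 50000.
SAMPLE_PASV = "227 Entering Passive Mode (203,0,113,10,195,80)"

if __name__ == "__main__":
    print("passive, original rules:", data_connection_verdict(ORIGINAL_RULES, "passive", SAMPLE_PASV))
    print("active,  original rules:", data_connection_verdict(ORIGINAL_RULES, "active", client_port=33000))
    print("passive, with rule 350: ", data_connection_verdict(FIXED_RULES, "passive", SAMPLE_PASV))
```

Adding an inbound rule for a port range only helps if the FTP server is configured to announce ports from that same range in its PASV replies; a port outside it still falls through to the default deny. Note also that rule 300 as posted has no "setup", so it matches any inbound TCP to port 21, not only connection-opening packets.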
 
I'm trying to use passive.

I just worked out that the same plugin supports SFTP, which works fine over the default OpenSSH setup, although it would not work with a password; I had to generate a separate RSA private key, which seems to be working OK. It's a little slower than FTP, but that's one less port I need to open up and fewer services to run.

Hope this helps someone else with a similar issue. Don't worry about FTP.
 