Solved [IPFW] Firewall blocking FTP service

Hi guys,
I need help with getting an FTP service - namely vsftpd - working. It's configured like this:
Code:
...
connect_from_port_20=NO
pasv_min_port=12000
pasv_max_port=12100
listen_port=12200
...
The trouble is that the firewall is blocking the connection (timeout reached) and I don't have a clue why. I have this in my ipfw() script:
Code:
...
ipfw -q add 130 allow tcp from any to any 12200 in via $outer keep-state
ipfw -q add 135 allow tcp from any to any 12000-12100 in via $outer keep-state
...
ipfw -q add 240 allow tcp from any to any 12200-12100 out via $outer keep-state
ipfw -q add 245 allow tcp from any to any 12200 out via $outer keep-state
...
And this at the end of the script (the server also provides NAT for the local network):
Code:
...
ipfw -q add 499 deny log all from any to any
ipfw -q add 500 divert natd all from any to any out via $outer keep-state
ipfw -q add 600 allow ip from any to any

What am I missing?
 
Re: Firewall blocking FTP service

Ok I solved it :D.

The problem was in those two outgoing rules:
natharran said:
Code:
ipfw -q add 240 allow tcp from any to any 12200-12100 out via $outer keep-state
ipfw -q add 245 allow tcp from any to any 12200 out via $outer keep-state
Correct rules, of course, are:
Code:
ipfw -q add 240 allow tcp from any 12200 to any out via $outer keep-state
ipfw -q add 245 allow tcp from any 12000-12100 to any out via $outer keep-state
I'll say in my defense that after an entire night without sleep I was rather exhausted :r.
Be well ;).
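
The two mistakes fixed above (a descending port range, and the vsftpd ports written on the destination side of `out` rules) can be caught before a ruleset is loaded. The following is an added example, not part of the original posts; `lint`, `parse_ports` and the regular expression are hypothetical helpers that understand only the `allow tcp from any ... to any ...` rule shape used in this thread.

```python
import re

# vsftpd ports from the thread: pasv_min_port..pasv_max_port and listen_port.
SERVICE_PORTS = set(range(12000, 12101)) | {12200}
# One ipfw port list ('12000-12100,12200'); RULE_RE covers only the thread's rule shape.
PORTS = r"\d+(?:-\d+)?(?:,\d+(?:-\d+)?)*"
RULE_RE = re.compile(
    rf"add\s+(?P<num>\d+)\s+allow\s+tcp\s+from\s+any(?:\s+(?P<src>{PORTS}))?"
    rf"\s+to\s+any(?:\s+(?P<dst>{PORTS}))?\s+(?P<dir>in|out)\b")

def parse_ports(spec):
    """Expand a port list; also return any ranges written high-to-low."""
    ports, descending = set(), []
    for part in filter(None, (spec or "").split(",")):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if lo > hi:
            descending.append(part)
        # Bounds are normalized only so the direction check below can still run.
        ports.update(range(min(lo, hi), max(lo, hi) + 1))
    return ports, descending

def lint(rule_lines, service_ports=SERVICE_PORTS):
    """Return (rule number, message) findings for the two mistakes in the thread."""
    findings = []
    for line in rule_lines:
        m = RULE_RE.search(line)
        if not m:
            continue
        num, direction = int(m["num"]), m["dir"]
        src, src_desc = parse_ports(m["src"])
        dst, dst_desc = parse_ports(m["dst"])
        for part in src_desc + dst_desc:
            findings.append((num, f"descending port range {part}"))
        # Server port = destination of inbound packets, source of outbound packets.
        local, remote = (dst, src) if direction == "in" else (src, dst)
        if remote & service_ports and not local & service_ports:
            side = "source" if direction == "in" else "destination"
            findings.append((num, f"service port on the {side} side of an '{direction}' rule"))
    return findings

# Rules copied from the thread: as first posted, then as corrected.
POSTED = ["ipfw -q add 240 allow tcp from any to any 12200-12100 out via $outer keep-state",
          "ipfw -q add 245 allow tcp from any to any 12200 out via $outer keep-state"]
CORRECTED = ["ipfw -q add 240 allow tcp from any 12200 to any out via $outer keep-state",
             "ipfw -q add 245 allow tcp from any 12000-12100 to any out via $outer keep-state"]

if __name__ == "__main__":
    print(lint(POSTED), lint(CORRECTED))
```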
 