Ipfw

suhailc

Verified User
Joined
Oct 4, 2004
Messages
119
Hi all,

I'm running a FreeBSD 6.0 DA server and I have the following rules in my ipfw.rules:

$cmd 90 allow tcp from any to any 21 in
$cmd 100 allow tcp from any to any 21 out
$cmd 300 allow tcp from any to any 61000-61994 in

And in my /etc/proftpd.conf I have the following:

Port 21
PassivePorts 61000 61994

However, I can FTP in but when trying to browse any folders, the FTP client tries opening ports outside of the 61000-61994 range and cannot do so.

How do I fix this please?

Regards,
Suhail.
 
Make sure you put the PassivePorts 61000 61994 in the <Global> section of the proftpd.conf file and you should be fine.

Steve
 
Thanks Floris.

But is it safe to open up some a large range on the firewall?
 
The only deamon listening to those ports is proftpd, so no harm could be done. I don't see why not.
 
If you are blocking all ports you will also want to add a rule so that you can use ftp to other sites via your server.

# FTP PASSIVE
ipfw add # allow tcp from me to any 1024-65535 out setup keep-state
 
Back
Top