SGI: Security

ipfilter and passive ftp

cybercow avatar
cybercow
From Europe
Who joined March 21, 2007, 7:07 p.m.
Wrote the following at Jan. 14, 2008, 4:04 a.m...
I`m using standard ftpd from IRIX dist, altrough the active ftp seems working fine, the passive one blocs the traffic all the time.

here the piece of ipf.conf for ftp, the passive block is wrong:

Code: Select all

# active FTP
pass in quick proto tcp from any port > 1023 to 'my_server_ip_addr' port = 21 flags S  keep state
pass out quick proto tcp from any port = 20 to any port > 1023 flags S keep state

# passive FTP
pass in quick proto tcp from any to 'my_server_ip_addr' port 15000 >< 20000 flags S keep state
pass out proto tcp all keep state
mmendez avatar
mmendez
From Mons, Belgium
Who joined March 18, 2006, 2:03 p.m.
Wrote the following at Jan. 15, 2008, 12:18 p.m...
Which machine is running ipfilter? Have you tried setting up ipf to use the ftp proxy feature?
SGI: :Indigo2IMP: :Fuel: :O2: :Octane2:
Sun: Ultra2, Ultra60, Sun Fire 4800
Apple: G3, Powermac G4 MDD, PowerMac G5, Mac Mini, iBook G4 12", MBP
Dec 3000
IBM RS/6000
AMD64 FreeBSD box