Mailing Lists: Apple Mailing Lists


Re: FTP and Firewall



Hey Tomas

We have a similar problem at our side: We use a BSD machine as gateway and
firewall for an internal network.

So if you use the firewall to protect the internal subnet from the
internet, you can get passive ftp to work by allowing outgoing traffic to
port 21 and to ports > 1024. Active ftp works only if you set up an ftp-proxy
on your gateway.

See http://www.deadly.org/article.php3?sid=20020130012631 for a good
explanation.

In our case, however, the proxy is needed to allow active ftp, while passive
ftp is not working at all. This is because the firewall blocks outgoing
traffic on all ports except the well defined service ports (i.e. 1, 22, 53,
80, 443,...).

Hope this helps

Michael.

On 5/29/03 9:33 AM, "Tomas Zahradnicky" <email@hidden> wrote:
> Hello guys,
>
> I have an internal network 192.168.1.0/24 and an outside public IP
> address. I'm using NAT to allow users of the 192.168.1.x network to
> access the Internet. I defined a firewall rule:
>
> divert ip from any to any via en1
>
> some others and
>
> allow 192.168.1.0/24, any port -> this should allow everything from inside
> deny all
>
> and I explicitly allow FTP, HTTP, and so on. However, I can log in to
> an FTP server, but as soon as I type the "list" or "dir" command, the
> connection freezes. I assume it has something to do with the firewall
> rules because if I change the last rule "deny all" to "allow all", it
> works.
>
> How should I set the rules to allow 192.168.1.0/24 network to fully
> work with FTP?
>
>
> Thanks,
>
> Tomas

--
----------------------------------------------------------------------------
Michael Marti
Centro de Fisica dos Plasmas
Instituto Superior Tecnico
Av. Rovisco Pais
1049-001 Lisboa
Portugal

Tel. +351 21 841 93 79
----------------------------------------------------------------------------
_______________________________________________
macos-x-server mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/macos-x-server
Do not post admin requests to the list. They will be ignored.
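
The reply above distinguishes active from passive FTP by who opens the data connection and to which port. The following sketch is an added example, not part of the original thread: it parses the PORT command and the 227 reply defined in RFC 959 and checks the resulting data connection against two constructed stateless egress policies. The policy names, the sample addresses and the inclusion of port 21 in the strict set are assumptions; no ftp-proxy is modelled.

```python
import re

# Constructed egress policies modelling the two gateways described in the reply.
# Each maps a direction to a predicate on the destination port; default is deny.
RELAXED = {"out": lambda p: p == 21 or p > 1024}        # port 21 plus ports > 1024
STRICT = {"out": lambda p: p in {21, 22, 53, 80, 443}}  # assumed service-port set

def parse_endpoint(line):
    """Return (ip, port) from an RFC 959 PORT command or 227 PASV reply."""
    m = re.search(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})", line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % line)
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        raise ValueError("octet out of range in %r" % line)
    return ".".join(str(v) for v in n[:4]), n[4] * 256 + n[5]

def data_flow(line):
    """Direction and destination port of the data connection at the gateway."""
    _, port = parse_endpoint(line)
    if line.upper().startswith("PORT"):
        return "in", port    # active: the server connects back to the client
    if line.startswith("227"):
        return "out", port   # passive: the client connects out to the server
    raise ValueError("not a PORT command or 227 reply")

def permitted(policy, direction, port):
    """Apply the policy predicate for this direction; missing direction = deny."""
    rule = policy.get(direction)
    return bool(rule and rule(port))

def ftp_session(policy, line):
    """Stateless verdicts for the control connection and the data connection."""
    direction, port = data_flow(line)
    return {"control": permitted(policy, "out", 21),
            "data": permitted(policy, direction, port),
            "data_port": port}

# Constructed protocol lines (private and documentation address ranges).
ACTIVE = "PORT 192,168,1,10,195,80"
PASSIVE = "227 Entering Passive Mode (203,0,113,5,195,149)"

if __name__ == "__main__":
    for name, policy in (("relaxed", RELAXED), ("strict", STRICT)):
        for mode, line in (("active", ACTIVE), ("passive", PASSIVE)):
            print(name, mode, ftp_session(policy, line))
```

In every case where the control connection is permitted but the data verdict is false, the login succeeds and the session stalls at the first directory listing, which is the symptom described in the quoted question.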
