|
||||||||||
Hi Peter, > 2000). Login went without any problems but when I attempted to do a > "dir" or a "put" command I simply got back a "425 Can't build data > connection: No route to host." error. The last time I saw a "no route Ooops, sorry - I forgot to mention the fact that you have to use passive FTP on the firmware upload page... Since there are no rules to permit outbound connections from the firewall to LAN, it's unable to build the data connection in case of active mode FTP. This is just additional security paranoia and may change in a future release, but for now, passive FTP must be used. AFAIK, the Windows 2000 command line FTP client cannot even do passive FTP, so you must use a real FTP client ;) like for example SmartFTP. > Figuring the same trick might work here I browsed to the exec.php script > and executed a "/sbin/ipf -Fa" command. Wow! This immediately killed > the unit! No response to http, ftp, or even ping! When you execute /sbin/ipf -Fa, you flush all rules. This means that the default rule will be in effect, and ipfilter in the m0n0wall kernel is compiled with default to deny. This is again security paranoia; let's assume the PHP scripts fail to load new rules after having flushed the old ones (e.g. because of a syntax error), then a default to accept rule would leave the firewall wide open. So that's why the unit didn't respond anymore after the ipf -Fa. Hope this answers your questions. Greets, Manuel |