[ previous ] [ next ] [ threads ]
 
 From:  BlackWand <Robert dot Winbladh at BlackWand dot NET>
 To:  Lonnie Abelbeck <lists at lonnie dot abelbeck dot com>
 Cc:  m0n0wall List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] FTP problem
 Date:  Sat, 10 Feb 2007 20:43:53 +0100 
Yea. I know the address, so yeah, I could just open >1024 to that IP. I 
will do some testing.
Thanks

Lonnie Abelbeck wrote:
> Robert,
>
> Well, you could create a Rule to allow all/any out as a test, 
> establish a FTP session (passive mode), and then click on "Firewall 
> states" in m0n0wall.
>
> Searching for your FTP's servers address, you should have enough data 
> to create your 'tight' outbound rules.
>
> Lonnie
>
> On Feb 10, 2007, at 10:51 AM, BlackWand wrote:
>
>> True. Passive mode, but it also requires outgoing traffic to be 
>> allowed. I am of the strict type, I block everything I dont need.
>> Would be nice if the FTP 'fixup' would work more smoothly.
>>
>> Lonnie Abelbeck wrote:
>>> Robert,
>>>
>>> Try setting your FTP client behind m0n0wall for "passive" mode, that 
>>> will force both TCP connections to be established outbound, 
>>> auto-magically creating NAT holes in m0n0wall.
>>>
>>> Though, I have had success with FTP not in 'passive' mode, likely 
>>> due to special default FTP rules m0n0wall adds.
>>>
>>> In either case, no changes to m0n0wall were required (other than 
>>> allowing outbound traffic).
>>>
>>> Lonnie
>>>
>>> On Feb 10, 2007, at 3:13 AM, BlackWand wrote:
>>>
>>>> Hello.
>>>>
>>>> I have tryed to get FTP working thru the m0n0wall to no avail.
>>>>
>>>> This is my setup:
>>>> I block both outgoing and incomming traffic, except the few stuff I 
>>>> want out/in.
>>>>
>>>> The FTP I am connecting to is configured to listen on port 666 as 
>>>> default, not behind NAT/PAT (I am tho).
>>>> I am wondering, where and how should I open my firewall?
>>>>
>>>> Do I only need to allow FTP out, and thats it (LAN if)? Does not 
>>>> work very good for me, or do I need to allow port 666 out too?
>>>> Or do I allow FTP inbound (WAN if)? Do I then need to do any 
>>>> forwarders?
>>>> Or could it be that since its not configured for port 21, it will 
>>>> never work?
>>>>
>>>>
>>>>
>>>> // Robert
>>>> .
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>>
>>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>