[ previous ] [ next ] [ threads ]
 
 From:  Lonnie Abelbeck <lists at lonnie dot abelbeck dot com>
 To:  m0n0wall List <m0n0wall at lists dot m0n0 dot ch>
 Cc:  BlackWand <Robert dot Winbladh at BlackWand dot NET>
 Subject:  Re: [m0n0wall] FTP problem
 Date:  Sat, 10 Feb 2007 11:02:41 -0600
Robert,

Well, you could create a Rule to allow all/any out as a test,  
establish a FTP session (passive mode), and then click on "Firewall  
states" in m0n0wall.

Searching for your FTP's servers address, you should have enough data  
to create your 'tight' outbound rules.

Lonnie

On Feb 10, 2007, at 10:51 AM, BlackWand wrote:

> True. Passive mode, but it also requires outgoing traffic to be  
> allowed. I am of the strict type, I block everything I dont need.
> Would be nice if the FTP 'fixup' would work more smoothly.
>
> Lonnie Abelbeck wrote:
>> Robert,
>>
>> Try setting your FTP client behind m0n0wall for "passive" mode,  
>> that will force both TCP connections to be established outbound,  
>> auto-magically creating NAT holes in m0n0wall.
>>
>> Though, I have had success with FTP not in 'passive' mode, likely  
>> due to special default FTP rules m0n0wall adds.
>>
>> In either case, no changes to m0n0wall were required (other than  
>> allowing outbound traffic).
>>
>> Lonnie
>>
>> On Feb 10, 2007, at 3:13 AM, BlackWand wrote:
>>
>>> Hello.
>>>
>>> I have tryed to get FTP working thru the m0n0wall to no avail.
>>>
>>> This is my setup:
>>> I block both outgoing and incomming traffic, except the few stuff  
>>> I want out/in.
>>>
>>> The FTP I am connecting to is configured to listen on port 666 as  
>>> default, not behind NAT/PAT (I am tho).
>>> I am wondering, where and how should I open my firewall?
>>>
>>> Do I only need to allow FTP out, and thats it (LAN if)? Does not  
>>> work very good for me, or do I need to allow port 666 out too?
>>> Or do I allow FTP inbound (WAN if)? Do I then need to do any  
>>> forwarders?
>>> Or could it be that since its not configured for port 21, it will  
>>> never work?
>>>
>>>
>>>
>>> // Robert
>>> .
>>>
>>> -------------------------------------------------------------------- 
>>> -
>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>
>>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>