FTP pasivni rezim

Jozef Babjak babjak at hilbert.chtf.stuba.sk
Tue Jan 25 15:18:19 CET 2005


Mne to fbsd 4.10 s IPF funguje presne takto (za xxx... si dosadte 
prislusnu ip adresu a spravne nastavte masku). 

J. 

# Tento pocitac je FTP server:
pass  in on ed1 proto tcp from any to xxx.xxx.xxx.xxx/32 port = ftp flags 
S 
keep state keep frags
# ...tento server podporuje aktivny rezim:
pass out on ed1 proto tcp from xxx.xxx.xxx.xxx/32 port = ftp-data to any 
flags S keep state keep frags
# ...a aj pasivny:
pass in on ed1 proto tcp from any to xxx.xxx.xxx.xxx/32 port 49152 >< 
65535 
flags S keep state keep frags


On Tue, Jan 25, 2005 at 01:39:26PM +0100, Dragon wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Zdar
> 
> do proftpd.conf pridaj toto:
> PassivePorts                    60000 65000
> 
> a potom do fw staci nastavit aby tento port range bol povoleny.
> 
> S pozdravom
> - --
> Dragon
> 
> wnt at centrum.cz wrote:
> | Dobry den,
> |
> | jiz delsi dobu se trapim, jakym zpusobem zprovoznit pasivni rezim na
> FreeBSD 5.2.1 serveru. Jako demon tam bezi ProFTPd a cely system je
> chranen IPFiltrem. To je vsak prave ten kamen urazu. :(  Na internetu
> jsem si nalel pravidla, podle kterych by mela komunikace fungovat, ovsem
> jak se zda, tak to zrovna prilis nepomohlo. :(
> | ---------------
> | pass in quick on fxp0 proto tcp from any to any port = ftp keep state
> | pass in quick on fxp0 proto tcp from any to any port = ftp-data keep state
> | pass in quick on fxp0 proto tcp from any port = ftp-data to any port >
> 1023 keep state
> | ---------------
> |
> | Pasivni rezim proste i nadale odmita fungovat. :( Muze mi prosim nekdo
> poradit jak to vyresit co nejelegantneni/nejbezpecneji? Dekuji.
> |
> | AJ
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
> 
> iD8DBQFB9j3+AyoDQDAy7vwRAi99AKCBfTqkcikTAVa4xYrpgC6baAUrOACg2D0S
> g8buasnlU1R00Zj/nIRQnc8=
> =A0QJ
> -----END PGP SIGNATURE-----
> -- 
> FreeBSD mailing list (users-l at freebsd.cz)
> http://www.freebsd.cz/listserv/listinfo/users-l



More information about the Users-l mailing list