FTP server behind firewall

Post by andre » Mon, 07 Apr 2003 16:07:34



Hi all,

I have my FTP server behind a FreeBSD firewall.  I am using ipfilters.
 However, I cannot successfully redirect the FTP request (but I can
successfully redirect all the requests to inn).  Are there any
configuration errors in my files?

Here is a portion of my ipf.rules:
---------------------------- Begin --------------------------------------------
#################################################################
# Outside Interface
#################################################################

#----------------------------------------------------------------
# Allow out all TCP, UDP, and ICMP traffic & keep state on it
# so that it's allowed back in.
#----------------------------------------------------------------
pass out quick on tun0 proto tcp from any to any keep state
pass out quick on tun0 proto udp from any to any keep state
pass out quick on tun0 proto icmp from any to any keep state
block out quick on tun0 all

# allow SSH
pass in quick on tun0 proto tcp from any to any port = 22 keep state
# allow NNTP
pass in quick on tun0 proto tcp from any to any port = 11999 keep state
pass in quick on tun0 proto tcp from any to 192.168.0.4/32 port = 119 flags S keep state keep frags
# allow FTP
pass in quick on tun0 proto tcp from any to any port = 2100 keep state
pass in quick on tun0 proto tcp from any to 192.168.0.4/32 port = 21 flags S keep state keep frags
pass in quick on tun0 proto tcp from any to any port = 2099 keep state
pass in quick on tun0 proto tcp from any to 192.168.0.4/32 port = 20 flags S keep state keep frags

# Block all the port default
block in on tun0 all
---------------------------- End --------------------------------------------

Here is my ipnat.rules:
---------------------------- Begin --------------------------------------------
rdr tun0 0.0.0.0/0 port 11999 -> 192.168.0.4 port 119 tcp
rdr tun0 0.0.0.0/0 port 2100 -> 192.168.0.4 port 21 tcp
rdr tun0 0.0.0.0/0 port 2099 -> 192.168.0.4 port 20 tcp
#map tun0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map tun0 192.168.0.0/24 -> 0/32
---------------------------- End --------------------------------------------


1. FTP - Client and FTP server behind firewalls

I posted this message about a week ago and was hoping someone might see
it this time.  I really have been reading the docs and the boards but
can't seem to find an answer.  Please note:  I am using PASV on the
client and I have installed and have running ip_masq_ftp.o on the Linux

-------------

OK, I SWEAR I've read the posts (over and over but still can't get this
to work).

I've got two machines A & B on my network, both running RH 6.1 Linux.

Machine A is a firewall running IPCHAINS (simply masquerading - no
other rules) and portforwarding (using IPMASQADM PORTFW) only ports 20,
21, 23, and 80 to Machine B (an FTP/Web server behind the firewall).

I was not sure if RH 6.1 included ip_masq_ftp automatically, so on
Machine A (the firewall), I issued a "modprobe ip_masq_ftp.o" command
and then used the /etc/rc.d/init.d/inet script that Redhat provides to
restart the inetd daemon.  I also tried "kill -HUP" and then the pid
for inetd to restart it.  I also issued the same commands on Machine B
(I'm not sure which machine needed it).

BTW, machine B has an internally masqu'd IP and a virtual IP on the
incoming NIC on the firewall that is being forwarded (you probably
gathered that from the paragraphs above).

On Machine B, the FTP entry in inetd.conf is "ftp    stream  tcp
nowait  root    /usr/sbin/tcpd  in.ftpd -l -a"

On Machine B, the FTP entries in services are

"ftp-data        20/tcp
ftp            21/tcp"

The problem.  1) If a client on the outside of my network is behind a
firewall, even if I tell the FTP client to use PASV mode, I can connect
to Machine B's FTP but not do an "ls" of any directory.

2) Even if a client on the outside of my network is NOT behind a
firewall, and I tell it to use PASV, the same problem occurs.  If I
don't tell it to use PASV, then it works fine (it can connect to
Machine B's FTP server).

So, client behind no firewall and no PASV set on the client, FTP
works.  Client behind a firewall and with/or without PASV set, FTP
doesn't work.

I'm at wits end at this point.  Any help would be appreciated.

-- Thanks, Randy

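Both posts above place an FTP server behind address translation, and the second one turns on PASV. The reply to PASV (code 227, RFC 959) carries the address and port the client must dial for the data connection, so a useful check is to read what the server actually advertises. The following is an added example, not code from either poster: the public address 203.0.113.10 and the forwarded passive range 50000-50010 are assumptions, and the reply lines are constructed.

```python
import ipaddress
import re

# RFC 1918 ranges; 192.168.0.0/16 covers the 192.168.0.4 server from the post.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# A 227 reply carries h1,h2,h3,h4,p1,p2: four address bytes and two port bytes.
PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))


def parse_pasv(reply):
    """Return (IPv4Address, port) from a 227 reply, or None if malformed."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    addr = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return addr, nums[4] * 256 + nums[5]


def check_pasv(reply, dialled_addr, forwarded_ports):
    """List reasons an outside client could not open the data connection."""
    parsed = parse_pasv(reply)
    if parsed is None:
        return ["not a well-formed 227 reply"]
    addr, port = parsed
    problems = []
    if any(addr in net for net in RFC1918):
        problems.append(f"{addr} is a private address, unreachable from outside")
    elif addr != ipaddress.IPv4Address(dialled_addr):
        problems.append(f"{addr} differs from the dialled address {dialled_addr}")
    if port not in forwarded_ports:
        problems.append(f"data port {port} is not forwarded to the server")
    return problems


if __name__ == "__main__":
    PUBLIC = "203.0.113.10"          # assumed public address of the firewall
    FORWARDED = range(50000, 50011)  # assumed passive range redirected inward
    for line in ("227 Entering Passive Mode (192,168,0,4,195,80)",   # constructed
                 "227 Entering Passive Mode (203,0,113,10,195,90)",  # constructed
                 "227 Entering Passive Mode (203,0,113,10,4,1)"):    # constructed
        print(line, "->", check_pasv(line, PUBLIC, FORWARDED) or "ok")
```

The reply line itself can be captured from a client's debug output or a packet trace taken on the outside interface.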
