[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: FreeBSD IPfilter + Apache Proxy= FTP problem
From:       "Pete Davis" <peted () springisd ! org>
Date:       2002-10-31 18:39:30
[Download RAW message or body]

I am getting an error when FTP doesn't work--

===============
502 proxy error
Unable to connect to <something>: No route to host
===============

I tried to allow IDENT out with keep state but no good.

I know it is not a routing problem since HTTP and HTTPS work... only
FTP has the problem.  I changed the outbound rule to the internet to
allow all TCP keep state until I get a solution. I can live with this if
I have to but it seems weird.

BTW, I am not running/hosting any FTP.  I am only trying to proxy to
the internet for private/internal workstations.

Thanks for any help.  I really appreciate all the responses (I have
already made multiple changes based on responses here).

Pete

>>> "Duane H. Hesser" <dhh@androcles.com> 10/31/02 12:14PM >>>

On 31-Oct-02 David S. wrote:
> 
> Yes, but the original correspondent only indicated that he was
> using FreeBSD 4.7, and according to the FreeBSD man page for
> 'ftpd', the port range for passive connections is "hard-wired".  
> ...
> 
> David S.
> 

sysctl -a | grep port
...
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535

I haven't tried it, but the ftp code appears at quick glance
to be using these, and they're writable.

--------------
Duane H. Hesser
dhh@monroe.net
[prev in list] [next in list] [prev in thread] [next in thread]