List:       ipfilter
Subject:    Re: FTP confusion -ipf ((SOLVED))
From:       Jeff Donovan <jdonovan () beth ! k12 ! pa ! us>
Date:       2001-02-28 15:58:20
Greetings,
Thanks to all who replied.
This is a temporary solve until I can find a way to write it better;

What I did was put a packet sniffer in my DMZ to view the traffic 
between the firewall and the incoming ftp sessions. I noticed that 
the initial SYN from the admin to the server was passing, then the 
ftpsvr would do a reverse DNS lookup (which I was not passing to my 
DNS box on a separate subnet).
Then I needed to allow connections from the admin machine to ftpsvr 
control port 20.

By placing the LOG feature on the block statement, I was able to see 
in the log file what was being blocked; therefore I could open up 
those specific conversations.
These rules only allow my admin machine to ftp to a specific ftp 
server. Re-writes will follow.
(Yes, I know, use SCP :) that's next.)

--jeff



block in log on ep1 all
pass in quick on ep1 proto tcp/udp from mydnssvr/32 to any keep state
pass in quick proto tcp from myadmin/32 port > 1023 to ftpsvr/32 port = 21
pass out quick proto tcp from ftpsvr/32 port = 21 to myadmin/32 port > 1023
pass in quick proto tcp from myadmin/32 port > 1023 to ftpsvr/32 port = 20
-- 
------------------------------------------------------------------------
Jeff Donovan                    Network Analyst
Bethlehem Area School District  Information & Communication Technologies
Bethlehem, PA  18020            (610) 807-5571  jdonovan@beth.k12.pa.us
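The "log on the block rule, then open the conversations you see" approach described above, as an added example that is not part of the original post: a small Python script that parses ipmon-style log lines, tallies the blocked flows by interface/protocol/source/destination/port (dropping the ephemeral source port), and prints one narrow ipf pass rule per blocked conversation. The log format and host addresses below are constructed approximations, not taken from the post.

```python
import re
from collections import Counter

# Constructed sample lines in an ipmon-like format (an assumption about the
# exact layout; not from the original post). Addresses are placeholders:
# 192.0.2.10 = admin machine, 192.0.2.20 = ftp server, 192.0.2.53 = DNS box.
SAMPLE_LOG = """\
28/02/2001 15:40:01.000001 ep1 @0:1 b 192.0.2.10,1055 -> 192.0.2.20,21 PR tcp len 20 60 -S IN
28/02/2001 15:40:01.000500 ep1 @0:1 b 192.0.2.20,1047 -> 192.0.2.53,53 PR udp len 20 64 IN
28/02/2001 15:40:02.000001 ep1 @0:1 b 192.0.2.10,1056 -> 192.0.2.20,20 PR tcp len 20 60 -S IN
28/02/2001 15:40:02.000002 ep1 @0:2 p 192.0.2.10,1057 -> 192.0.2.20,21 PR tcp len 20 60 -S IN
28/02/2001 15:40:03.000001 ep1 @0:1 b 192.0.2.10,1058 -> 192.0.2.20,21 PR tcp len 20 60 -S IN
"""

# date time iface @group:rule action src,sport -> dst,dport PR proto ...
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<iface>\S+) @(?P<rule>\S+) (?P<action>[bp]) "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) PR (?P<proto>\w+)"
)


def parse_ipmon(text):
    """Yield one dict per parseable log line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def blocked_conversations(text):
    """Count blocked ('b') flows keyed by (iface, proto, src, dst, dport).
    The source port is ignored because it is ephemeral (> 1023) per session."""
    counts = Counter()
    for rec in parse_ipmon(text):
        if rec["action"] == "b":
            counts[(rec["iface"], rec["proto"], rec["src"], rec["dst"], int(rec["dport"]))] += 1
    return counts


def suggest_rules(counts):
    """Emit one host-to-host 'pass in quick' rule in ipf syntax per blocked
    conversation, most frequently blocked first, for the admin to review."""
    rules = []
    for (iface, proto, src, dst, dport), _n in sorted(counts.items(), key=lambda kv: -kv[1]):
        rules.append(f"pass in quick on {iface} proto {proto} from {src}/32 to {dst}/32 port = {dport} keep state")
    return rules


if __name__ == "__main__":
    for rule in suggest_rules(blocked_conversations(SAMPLE_LOG)):
        print(rule)
```

The suggested rules are a starting point to review, not something to load blindly; the flow to port 53 here, for instance, is the reverse lookup the post mentions and would normally be covered by the existing DNS rule.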
