
How do I get FTP to work through ipfwadm



I need to be able to get both Netscape and regular command line ftp to
work.

Here is my script.  I get the following error under the Windows command
line FTP:  PORT argument must be 1025 or greater. The following is my
script:


#!/bin/sh

ISP_IP=`ifconfig ppp0 | grep 'inet addr' | awk '{print $2}'| sed -e"s/addr\://"`

echo $ISP_IP

FIREWALL_SERVER="192.168.1.1"
NETWORK="192.168.1.0/24"
ALLIP="0.0.0.0/0"
HIPORTS="1024:65535"

#Flush out any existing rules
ipfwadm -I -f
ipfwadm -O -f
ipfwadm -F -f
#Start by denying everything
ipfwadm -I -p deny
ipfwadm -O -p deny
ipfwadm -F -p deny
#Deny Spoofed packets
#ipfwadm -I -a deny -V $ISP_IP -S $NETWORK -D $ALLIP
#ipfwadm -I -a deny -V $ISP_IP -S $ISP_IP -D $ALLIP
#Allow unlimited internal traffic
ipfwadm -I -a accept -V $FIREWALL_SERVER -S $ALLIP -D $ALLIP
ipfwadm -O -a accept -V $FIREWALL_SERVER -S $ALLIP -D $ALLIP
ipfwadm -F -a accept -V $FIREWALL_SERVER -S $ALLIP -D $ALLIP
#Allow outgoing tcp packets for www, smtp, nntp and dns
echo step 1
ipfwadm -O -a accept -P tcp -S $NETWORK $HIPORTS -D $ALLIP www smtp pop-3 nntp domain
ipfwadm -O -a accept -P tcp -S $ISP_IP $HIPORTS -D $ALLIP www smtp pop-3 nntp domain
ipfwadm -O -a accept -P udp -S $NETWORK $HIPORTS -D $ALLIP domain
ipfwadm -O -a accept -P udp -S $ISP_IP $HIPORTS -D $ALLIP domain
#Allow incoming packets that have the ACK bit set (i.e. are responses)
echo step 2
ipfwadm -I -a accept -k -P tcp -S $ALLIP www smtp pop-3 nntp domain -D $NETWORK $HIPORTS
ipfwadm -I -a accept -k -P tcp -S $ALLIP www smtp pop-3 nntp domain -D $ISP_IP $HIPORTS
# This allows ftp servers to set up the "second data channel", whatever that
# means, basically you need it to use ftp
echo step 3
ipfwadm -O -a accept -P tcp -S $NETWORK $HIPORTS -D $ALLIP ftp ftp-data
ipfwadm -O -a accept -P tcp -S $ISP_IP $HIPORTS -D $ALLIP ftp ftp-data
ipfwadm -I -a accept -P tcp -S $ALLIP ftp ftp-data -D $NETWORK $HIPORTS
ipfwadm -I -a accept -P tcp -S $ALLIP ftp ftp-data -D $ISP_IP $HIPORTS
ipfwadm -I -a accept -P udp -S $ALLIP domain -D $NETWORK $HIPORTS
ipfwadm -I -a accept -P udp -S $ALLIP domain -D $ISP_IP $HIPORTS
#enable masquerading of packets
echo step 4
ipfwadm -F -a masquerade -S $NETWORK -D $ALLIP
echo step 5



Thanks in advance for any help.

Bruce Jackson
Linux:  because reboots are for hardware upgrades!!
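Added example (not part of the original post or of ipfwadm itself): a small model of the incoming (-I) rules from the script above, evaluated first-match like the kernel does, to show which FTP-related flows they admit. It assumes packets arriving from the Internet on ppp0, leaves out the -V $FIREWALL_SERVER rule for the LAN side, and uses constructed addresses. The "ftp_data_syn" case shows why the ftp/ftp-data rule has no -k: active-mode FTP needs the server to open a new connection from port 20 to a high port, which the -k rules used for www, smtp and the rest would refuse.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the -I chain from the posted script, for packets that
# arrive from the Internet on ppp0. Rules are checked in order, the first
# match decides, and anything unmatched falls through to the chain policy.
LAN = ip_network("192.168.1.0/24")
ANY = ip_network("0.0.0.0/0")
HIPORTS = range(1024, 65536)
FTP, FTP_DATA, WWW, SMTP, POP3, NNTP, DOMAIN = 21, 20, 80, 25, 110, 119, 53

# (verdict, proto, src_net, src_ports, dst_net, dst_ports, ack_only)
IN_CHAIN = [
    ("accept", "tcp", ANY, (WWW, SMTP, POP3, NNTP, DOMAIN), LAN, HIPORTS, True),  # -k
    ("accept", "tcp", ANY, (FTP, FTP_DATA), LAN, HIPORTS, False),                 # no -k
    ("accept", "udp", ANY, (DOMAIN,), LAN, HIPORTS, False),
]
IN_POLICY = "deny"   # ipfwadm -I -p deny

def evaluate(chain, policy, proto, src, sport, dst, dport, ack=False):
    """Return the verdict for one packet; ack is the TCP ACK flag."""
    for verdict, p, snet, sports, dnet, dports, ack_only in chain:
        if p != proto or ip_address(src) not in snet or ip_address(dst) not in dnet:
            continue
        if sport not in sports or dport not in dports:
            continue
        if ack_only and not ack:   # a -k rule never matches a bare SYN
            continue
        return verdict
    return policy

def check_flows():
    """Classify the flows that matter for FTP next to an ordinary web reply."""
    srv, client = "198.51.100.7", "192.168.1.10"   # constructed addresses
    return {
        # active-mode data connection: server port 20 opens a new session (SYN)
        "ftp_data_syn": evaluate(IN_CHAIN, IN_POLICY, "tcp", srv, FTP_DATA, client, 40000),
        # a web server's reply carries ACK, so the -k rule admits it
        "www_reply_ack": evaluate(IN_CHAIN, IN_POLICY, "tcp", srv, WWW, client, 40000, ack=True),
        # a bare SYN from source port 80 is not a reply and hits the deny policy
        "www_syn": evaluate(IN_CHAIN, IN_POLICY, "tcp", srv, WWW, client, 40000),
        # source port 20 toward a low LAN port: outside HIPORTS, denied
        "port20_to_low": evaluate(IN_CHAIN, IN_POLICY, "tcp", srv, FTP_DATA, client, 22),
    }
```

The same ftp/ftp-data rule also accepts any new connection from source port 20 or 21 to a high port on the LAN, not only those belonging to an FTP session the client started; that is the usual cost of passing active-mode FTP without connection tracking, and it is worth knowing when choosing between this rule and passive mode.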

