ipfilter and passive ftp

Open forum for security issues and info.
Forum rules
Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.
User avatar
Posts: 559
Joined: Wed Mar 21, 2007 7:07 pm
Location: Europe

ipfilter and passive ftp

Unread postby cybercow » Mon Jan 14, 2008 4:04 am

I`m using standard ftpd from IRIX dist, altrough the active ftp seems working fine, the passive one blocs the traffic all the time.

here the piece of ipf.conf for ftp, the passive block is wrong:

Code: Select all

# active FTP
pass in quick proto tcp from any port > 1023 to 'my_server_ip_addr' port = 21 flags S  keep state
pass out quick proto tcp from any port = 20 to any port > 1023 flags S keep state

# passive FTP
pass in quick proto tcp from any to 'my_server_ip_addr' port 15000 >< 20000 flags S keep state
pass out proto tcp all keep state

User avatar
Posts: 179
Joined: Sat Mar 18, 2006 2:03 pm
Location: Mons, Belgium

Re: ipfilter and passive ftp

Unread postby mmendez » Tue Jan 15, 2008 12:18 pm

Which machine is running ipfilter? Have you tried setting up ipf to use the ftp proxy feature?
SGI: :Indigo2IMP: :Fuel: :O2: :Octane2:
Sun: Ultra2, Ultra60, Sun Fire 4800
Apple: G3, Powermac G4 MDD, PowerMac G5, Mac Mini, iBook G4 12", MBP
Dec 3000
IBM RS/6000
AMD64 FreeBSD box

Return to “SGI: Security”

Who is online

Users browsing this forum: No registered users and 3 guests