On Thu, 12 May 2005, Marco A. Ramos wrote: > As you say you have two options: > > a) To force all users, to work as nonpasive method (Remenber open the data > port (tcp/20) That's what I already did. -A input -s xxx.xxx.xx.0/24 -d 0/0 20 -p tcp -y -j ACCEPT > > b) Enable the Passive method on your firewall, to made it, you have to > determine some port in your ftp server, this mean, that your ftp server must > to use an especific range of ports (for example 50000-50500) and then open > that range in your firewall. Other point it to consider that the FTP server > will send ip own IP address, for the passive connection. Then the question is how to let ftp server know to use the specific range of ports. We use wu-ftpd-2.6.1-20. For "send ip own IP address", do you mean that I just include their ip in the firewall and trust that ip? Jessica > > Good Luck > > -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx > [mailto:redhat-list-bounces@xxxxxxxxxx]On Behalf Of Bartosz Brewinski > Sent: Thursday, 12 May, 2005 11:30 AM > To: redhat-list@xxxxxxxxxx > Subject: Odp: firewall question > > > Maybe "BBedit" is not configured (or can't be) for passive ftp while the > other ftp clients used in the office are using passive ftp connections ? > > Maybe it would be sufficient to persuade BBedit to use passive connection > method ? > > Hope this helps. > > bartek > > >>> jessica@xxxxxxxxxxxxx 2005-05-12 20:21 >>> > Hi, > > I set up the firewall on an old linux(7.1) server using ipchains which > allows ftp within our network. After the firewall up, some users in the > office who using Bbedit on Macintosh complained that they cannot ftp to > the server any more although there is no problem to use other ftp > programs. > > My final solution is to trust the ips from those users using BBedit and > accept all from them. However, I thought this is not the best and secure > solution. Just wondering whether anybody on the list can help me figure > out the better solution. > > Thanks! > > Jessica > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
