Re: Solaris 9 FTPD and IPFilterd

From: Barton Fisk (bfisk7_at_bellsouth.net)
Date: 08/28/03


Date: Thu, 28 Aug 2003 09:08:51 -0500

On Wed, 27 Aug 2003 21:32:53 -0500, Thomas H Jones II <ferric@xanthia.com>
wrote:

> Question: I am running a Solaris 9 system. I want to be able to provide
> ftp services to hosts on the other side of an IPFilterd firewall host. I
> am using ISC 192.168.x.x address space for my FTP server. The IPFilterd
> host NATs this FTP server's real/private address to an external/public
> IP address. Unfortunately, when clients connect to the Solaris 9 FTP
> daemon, it replies to the client to attempt to create a data connection
> to the FTP server's private address rather than the NAT'ed address. Is
> there any way to cause the Solaris 9 FTP daemon to advertise a different
> IP address (i.e., the NAT'ed address)?
>

It sounds like your firewall vendor needs to be involved. The firewall
should do the port mapping for the FTP connection to the NAT'd address for
both control and data, not just control.

Most better-quality firewalls, e.g. Netscreen, Cisco Pix, etc., have no
problem with this function.

-- 
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
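
The symptom in this thread can be checked from the client side by comparing the address in the server's passive-mode reply with the address the control connection was made to. The following is an added example, not part of the original thread: it parses the RFC 959 `227` reply, flags an advertised RFC 1918 address, and shows the host rewrite a NAT device's FTP helper performs. It assumes passive mode; the sample reply and the public address 203.0.113.5 are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# RFC 959 passive-mode reply carries (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: what a server behind NAT sends when nothing rewrites it.
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,1,10,195,80)"

def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply, or None if it is not one."""
    if not reply.startswith("227"):
        return None
    m = PASV_RE.search(reply)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]   # port = p1 * 256 + p2

def check_pasv(reply, control_peer):
    """Classify a 227 reply against the address the client connected to."""
    parsed = parse_pasv(reply)
    if parsed is None:
        return "not-pasv"
    ip, _ = parsed
    if ip == ipaddress.IPv4Address(control_peer):
        return "ok"
    if any(ip in net for net in RFC1918):
        return "private-address-leak"    # the situation described in the question
    return "address-mismatch"

def rewrite_pasv(reply, public_ip):
    """Replace the host part of a 227 reply, keeping the data port unchanged."""
    parsed = parse_pasv(reply)
    if parsed is None:
        return reply
    _, port = parsed
    new = "(%s,%d,%d)" % (public_ip.replace(".", ","), port // 256, port % 256)
    return PASV_RE.sub(new, reply, count=1)

if __name__ == "__main__":
    print(check_pasv(SAMPLE_REPLY, "203.0.113.5"))
    print(rewrite_pasv(SAMPLE_REPLY, "203.0.113.5"))
```

A real firewall helper must also map the advertised data port to the NAT'ed host, which this sketch leaves unchanged.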

