firewall in 11.1 config

When I have the firewall off FTP works perfectly, but when it's running no dice… I have these allowed on the external zone
tcp port:
10000 135 21
udp ports
137 138

On Sun April 26 2009 09:16 pm, irisservice wrote:

>
> When I have the firewall off FTP works perfectly, but when it's running no
> dice… I have these allowed on the external zone
> tcp port:
> 10000 135 21
> udp ports
> 137 138
>
irisservice;

Try opening port 20 (TCP) as well. This may be used for data. If you enable
the logging of dropped packets on the firewall it can really help debug these
things.

P. V.
“We’re all in this together, I’m pulling for you.” Red Green

Thanks, but that did not work…

irisservice wrote:
> thanks but that did not work…

Port 20 for TCP needs to be open the other way, i.e. from the server to the
clients (for “active” FTP anyway). But most likely this is the case already.
The answer is in the logs. Check /var/log/firewall and/or /var/log/messages
for errors and rejects while connecting.

On Mon April 27 2009 01:24 pm, LittleRedRooster wrote:

> irisservice wrote:
>> thanks but that did not work…
>
> Port 20 for TCP needs to be open the other way, i.e. from the server to the
> clients (for “active” FTP anyway). But most likely this is the case already.
> The answer is in the logs. Check /var/log/firewall and/or /var/log/messages
> for errors and rejects while connecting.
irisservice;

The data port is configurable but defaults to 20; the client sends ACKs to the
server on the data port. See:
http://www.troubleshootingnetworks.com/ftpinfo.html

Enable logging of dropped packets; it is disabled by default. Then you should
see your problem in the firewall log as given by LittleRedRooster.

P. V.
“We’re all in this together, I’m pulling for you.” Red Green

Thanks, will check it out shortly.
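
Added example, not part of any post in this thread: one way to act on the advice to read the firewall log is to group the dropped packets by destination port, so a blocked FTP data connection stands out from the allowed control connection on port 21. It assumes drop entries carry "DROP" in the log prefix and use the kernel netfilter KEY=value layout; the `SFW2-...` prefixes, addresses and log lines below are constructed samples.

```shell
#!/bin/sh
# Added example. Assumptions: dropped packets are logged with "DROP" in the
# log prefix, in the kernel netfilter KEY=value layout (SRC= DST= PROTO= DPT=).

# Constructed sample lines (documentation addresses), not taken from the thread.
sample_log() {
cat <<'EOF'
Apr 27 13:30:01 srv kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40110 DPT=21 SYN
Apr 27 13:30:03 srv kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40112 DPT=50211 SYN
Apr 27 13:30:06 srv kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40113 DPT=50211 SYN
Apr 27 13:31:10 srv kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=52 PROTO=TCP SPT=40120 DPT=20 ACK
EOF
}

# Reads log lines on stdin and prints one line per distinct dropped flow:
#   <count> <proto> <src> -> <dst>:<dst port> <note>
summarize_drops() {
    awk '
    /DROP/ {
        src = dst = proto = spt = dpt = "-"
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue              # not a KEY=value field
            k = substr($i, 1, n - 1)
            v = substr($i, n + 1)
            if (k == "SRC") src = v
            else if (k == "DST") dst = v
            else if (k == "PROTO") proto = v
            else if (k == "SPT") spt = v
            else if (k == "DPT") dpt = v
        }
        note = "other"
        if (dpt == 21) note = "ftp-control"
        else if (spt == 20 || dpt == 20) note = "ftp-data"
        count[proto " " src " -> " dst ":" dpt " " note]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Real use (path from the thread): summarize_drops < /var/log/firewall
sample_log | summarize_drops
```

Ports that appear in the output are the ones the firewall is refusing while the FTP session is attempted; the accepted control connection on port 21 is not listed.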