
[suse-security] SuSEfirewall2 FTP problems since update to 10.0



Hello All!

I have a box that is acting as a masquerading firewall between a LAN and
the great WWW.  I used to have a rule for a subnet of machines that were
only allowed to FTP due to web abuse issues.  This was in SuSEfirewall2
in 9.1.  I have just upgraded to 10.0 and now Active FTP is broken.  The
relative lines were:

192.168.20.224/28,0/0,tcp,20 192.168.20.224/28,0/0,udp,20
192.168.20.224/28,0/0,tcp,21 192.168.20.224/28,0/0,udp,21

in FW_MASQ_NETS.  It worked great.  Now my FTP clients stop dead in
their tracks at the PORT command.



The end of the transaction in ethereal reveals:

 No.   Time       Source           Destination      Proto  Info                                                        SPort  DPort
  209  2.017000   192.168.20.226   208.113.147.155  FTP    Request: PWD                                                2001   21
  252  2.099551   208.113.147.155  192.168.20.226   FTP    Response: 257 "/" is current directory.                     21     2001
  253  2.114193   192.168.20.226   208.113.147.155  FTP    Request: PORT 192,168,20,226,7,210                          2001   21
  261  2.367009   208.113.147.155  192.168.20.226   FTP    [TCP Out-Of-Order] Response: 257 "/" is current directory.  21     2001
  262  2.367168   192.168.20.226   208.113.147.155  TCP    dc > ftp [ACK] Seq=73 Ack=229 Win=65307 Len=0               2001   21
  268  3.336464   192.168.20.226   208.113.147.155  FTP    [TCP Retransmission] Request: PORT 192,168,20,226,7,210     2001   21
  616  5.961397   192.168.20.226   208.113.147.155  FTP    [TCP Retransmission] Request: PORT 192,168,20,226,7,210     2001   21
 1025  11.211392  192.168.20.226   208.113.147.155  FTP    [TCP Retransmission] Request: PORT 192,168,20,226,7,210     2001   21
 1976  21.711380  192.168.20.226   208.113.147.155  FTP    [TCP Retransmission] Request: PORT 192,168,20,226,7,210     2001   21



Never is there a single port 20 record line.  Outside of the out-of-order
line (which doesn't always show up), I don't see anything wrong
up till here.  It used to work fine.  What happened?  I can get passive
FTP to work but it requires opening outbound high ports to the abusers
who then IM and chat all day long.


Any help is greatly appreciated.


Mike


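Added diagnostic example, not code from the post: it reads Ethereal summary lines in the column order shown above (source and destination ports assumed to be the last two columns), decodes each PORT command the client sends, flags an advertised RFC1918 address (a remote server cannot connect back to it unless the masquerading box rewrites the PORT argument and tracks the data connection), and checks whether the server ever opened a connection from port 20 to that endpoint. The sample lines are constructed to mirror the capture's shape.

```python
import ipaddress
import re

# Constructed Ethereal-style summary lines (hypothetical data shaped like the post's capture):
# No. Time Source Destination Proto Info ... SrcPort DstPort
SAMPLE_BROKEN = """\
253 2.114193 192.168.20.226 208.113.147.155 FTP Request: PORT 192,168,20,226,7,210 2001 21
268 3.336464 192.168.20.226 208.113.147.155 FTP [TCP Retransmission] Request: PORT 192,168,20,226,7,210 2001 21
"""
# Same exchange, but the server answers and opens the data connection from port 20.
SAMPLE_WORKING = """\
253 2.114193 192.168.20.226 208.113.147.155 FTP Request: PORT 192,168,20,226,7,210 2001 21
254 2.120000 208.113.147.155 192.168.20.226 FTP Response: 200 PORT command successful. 21 2001
255 2.130000 208.113.147.155 192.168.20.226 TCP ftp-data > 2002 [SYN] Seq=0 Len=0 20 2002
"""

PORT_RE = re.compile(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def decode_port_command(info):
    """Decode h1,h2,h3,h4,p1,p2 into ('h1.h2.h3.h4', p1*256 + p2); None if no PORT argument."""
    m = PORT_RE.search(info)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def parse_line(line):
    """Split one summary line; Info is everything between Proto and the two port columns."""
    f = line.split()
    return {"no": int(f[0]), "src": f[2], "dst": f[3], "proto": f[4],
            "info": " ".join(f[5:-2]), "sport": int(f[-2]), "dport": int(f[-1])}


def analyze_active_ftp(capture_text, server_ip):
    """For each PORT command sent to server_ip: the advertised endpoint, whether it is an
    RFC1918 address (so the masquerading box must rewrite it), and whether the server ever
    opened the data connection from port 20 to that endpoint."""
    pkts = [parse_line(l) for l in capture_text.splitlines() if l.strip()]
    findings = []
    for p in pkts:
        ep = decode_port_command(p["info"]) if p["dst"] == server_ip else None
        if ep is None:
            continue
        ip, port = ep
        seen = any(q["src"] == server_ip and q["sport"] == 20
                   and q["dst"] == ip and q["dport"] == port for q in pkts)
        findings.append({"frame": p["no"], "advertised": ep,
                         "private": ipaddress.ip_address(ip).is_private,
                         "data_connection_seen": seen})
    return findings
```

A PORT command that advertises a private address with no port-20 connection following it is the signature of the post's symptom: the control channel is fine, but nothing on the firewall is rewriting or tracking the data connection.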