Hi Andy and List! Thank you for comments - I downloaded latest SuSEfirewall2 (from update dir for SuSE 8.1), rebuilt it on my Slackware 8.0, and everything just got working fine (both active ftp from firewall and even passive ftp to firewall - I have all incoming high port closed!). Now I'm going to port it on the main network firewall on SuSE 7.1 I used SuSEfirewall2 v2.1 before because I thought THIS IS THE LATEST version :( Unfortunately Marc doesn't change versions on his web page (http://www.suse.de/~marc/SuSE.html). I guess many people (like me) use SuSEfirewall on old SuSEs or even other linux distributions. -- Thank you, Vadim Kouzmine On Monday 04 November 2002 18:30, Andreas J Mueller wrote:
Hi Vadim!
I need active ftp from firewall host, and I have to set FW_ALLOW_INCOMING_HIGHPORTS="ftp-data". In this case active ftp works, but SuSEfirewall2 allows incoming connections from port 20 to any high TCP port.
There is a known bug in v2.1 of SuSEfirewall2 as shipped with SuSE 8.0 which prevents active FTP from working correctly. If you need active FTP from the firewall, you can try to apply the following patch and tell me if it worked. AFAIK, this bug is fixed in v3.1 (SuSE 8.1).
Regards, Andy