Hi Vadim!
I need active ftp from firewall host, and I have to set FW_ALLOW_INCOMING_HIGHPORTS="ftp-data". In this case active ftp works, but SuSEfirewall2 allows incoming connections from port 20 to any high TCP port.
There is a known bug in v2.1 of SuSEfirewall2 as shipped with SuSE 8.0 which prevents active FTP from working correctly. If you need active FTP from the firewall, you can try to apply the following patch and tell me if it worked. AFAIK, this bug is fixed in v3.1 (SuSE 8.1).
Thanks for the effort. I have built packages for 8.0, to be downloaded at ftp://ftp.suse.com/pub/people/draht/8.0/. Please send me a brief comment about the remains of the problems - I'll have the package showing up in YOU for 8.0 then.
Regards, Andy
--- SuSEfirewall2.orig Sat Mar 23 20:24:47 2002 +++ SuSEfirewall2 Tue Nov 5 00:18:48 2002 @@ -931,9 +931,11 @@
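Review bot: the hunk at @@ -931,9 +931,11 @@ has no body. The header announces 9 lines of SuSEfirewall2 becoming 11, but no context, "-" or "+" lines follow it, so the two added lines can be neither reviewed nor applied with patch. Please resend the complete hunk, preferably as an attachment so the mailer cannot wrap or strip it.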
Thanks,
Roman.
-- 
Roman Drahtmüller <draht@suse.de>
SuSE Linux AG - Security
Nürnberg, Germany
Phone: +49-911-740530
"You don't need eyes to see, you need vision!"
Maxi Jazz, Faithless
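Added example, not part of the original thread and not SuSEfirewall2's code or the patch above: a small Python model of why a rule keyed on source port 20 admits more than the active FTP data connection it is meant for, compared with accepting only the port announced in the client's PORT command. All addresses, ports and names (static_rule, FtpTracker, demo) are constructed for illustration.

```python
# Added illustration: two ways a host firewall can admit the data connection
# of an active-mode FTP transfer. All addresses below are constructed.
import re

PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?$")

def parse_port(line):
    """Return (ip, port) announced by an FTP PORT command, or None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def static_rule(pkt):
    """Source-port rule: accept any packet from port 20 to a high port."""
    return pkt["sport"] == 20 and pkt["dport"] >= 1024

class FtpTracker:
    """Tracking model: accept only what an outgoing PORT command announced."""
    def __init__(self, local_ip):
        self.local_ip = local_ip
        self.expected = set()  # (server_ip, local_port) pairs

    def outgoing_control(self, server_ip, line):
        announced = parse_port(line)
        # Honour only PORT commands naming this host and a high port.
        if announced and announced[0] == self.local_ip and announced[1] >= 1024:
            self.expected.add((server_ip, announced[1]))

    def accept(self, pkt):
        key = (pkt["src"], pkt["dport"])
        if pkt["sport"] == 20 and key in self.expected:
            self.expected.discard(key)  # one data connection per expectation
            return True
        return False

def demo():
    local, server, other = "192.0.2.10", "198.51.100.5", "203.0.113.9"
    legit = {"src": server, "sport": 20, "dport": 50000}  # announced port
    stray = {"src": other, "sport": 20, "dport": 8080}    # never announced
    t = FtpTracker(local)
    t.outgoing_control(server, "PORT 192,0,2,10,195,80")  # 195*256+80 = 50000
    return {"static": [static_rule(legit), static_rule(stray)],
            "tracked": [t.accept(legit), t.accept(stray), t.accept(legit)]}
```

The source-port rule accepts both sample packets, while the tracking model accepts only the announced data connection, and only once.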