Actually it is the other way round. You machine should have its high ports open and the server should have ports 20 and 21 open. Noah.

-----Original Message----- From: remote [mailto:remote@leat.ruhr-uni-bochum.de] Sent: 19 April 2004 12:38 To: SUSE-SECURITY Subject: Re: [suse-security] Configuring SuSEfirewall2 for FTP access

This is a transcript of my firewall log when I try to connect to ftp.suse.de :

Apr 19 11:35:38 router kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT=eth1 SRC=AAA.BBB.CCC.DDD DST=195.135.221.130 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=1263 DF PROTO=TCP SPT=1802 DPT=38852 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B401010402)

Passive FTP is activated. The way I understood passive FTP the server is supposed to have its higher ports open, while the downloading computer only has to have ports 20 or 21 open. My /etc/sysconfig/SuSEfirewall does include a FW_FORWARD-rule which opens these ports to the entire net, FW_FORWARD =" AAA.BBB.CCC.0/6,0/0,tcp,20:21 "

however I don´t get any kind of FTP, neither upload nor download.

What´s wrong with my setup ?

Thanks,

Jörg