Running active and passive mode ftp clients on a system that is also running Seattle Firewall configured with 'strong="Yes"' requires that you place the following entries in /etc/seawall/servers:
PROTOCOL | PORT(s) | CLIENT(s) | SERVER | PORT |
tcp | <your localports range> | 0.0.0.0/0 |
If you are going to run active mode clients on your firewall then I urge you to set your localports range to start above 49152.
To run just passive mode clients on such a system, you will need the following in /etc/seawall/apps (you do not need any entries in /etc/seawall/servers):
PROTOCOL | SOURCE PORT(s) | SOURCE ADDR(s) | DEST PORT |
tcp | 1024: | 0.0.0.0/0 | |
tcp | ftp | 0.0.0.0/0 |
Last updated 7/8/2000 - Tom Eastep