FTP Server Timeout Firewall port???


Hi all,

I'm running Retrospect 6 on Mac OS X 10.4.3 Server and back up hourly a Red Hat server on our network along with various other machines.

I've just organised a particular file to be backed up to an FTP site I own; however, I'm having massive problems with the firewall. I've obviously opened up all possible FTP ports (20, 21), along with TFTP and SFTP just to make sure, and the Dantz port. When Retrospect connects, I get a connection timed out in the log file.

To remedy, I've opened all ports on the firewall, and the connection is made instantly.

Am I missing something?! Could someone please advise.

Many thanks.

Simon

Link to comment
Share on other sites

It seems pretty clear that with the standard firewall on, one isn't going to be able to connect to the ftp server. There are a lot of posts on the Apple discussion forums about this. The solution appears to be to set up some rules manually:

sudo ipfw add allow tcp from any to any 20-21 in
sudo ipfw add allow tcp from any 20,21 to any 1024-65535 in

You may also find it useful to have a look at this thread:

http://discussions.info.apple.com/webx?128@494.O3FLauXQVKn.1@.68b23eda

It doesn't seem as if Retrospect is able to use passive ftp, although it would be nice to have confirmation on this issue.

Link to comment
Share on other sites

Quote:

It doesn't seem as if Retrospect is able to use passive ftp, although it would be nice to have confirmation on this issue.

From a post by NateW dated 12/02/2004:

"Retrospect requires active FTP"

http://forums.dantz.com/ubbthreads/showthreaded.php?Cat=&Number=49736&page=&view=&sb=5&o=&vc=1

Search is your friend...

Dave

Link to comment
Share on other sites

Hi

The firewall rules for OSX changed from OSX 10.3 to 10.4.

In 10.3 opening FTP would open ports 20 and 21 as well as a large range of high numbered ports for return connections.

The OSX 10.4 FTP firewall exception only opens port 20 and 21. You need to manually open up the high numbered ports.

If you still have an OSX 10.3 machine handy you can see which ports it actually opened.

Thanks

nate

Link to comment
Share on other sites

Unfortunately, there's no way to implement that 10.3 rule in 10.4 using the UI (to my knowledge). To make matters worse, the firewall seems to block the low-order ftp ports as well, even with ftp enabled:

Nov 15 07:30:41 Musa ipfw: 12190 Deny TCP 192.168.1.102:20 192.168.1.100:50335 in via en0
Nov 15 07:30:44 Musa ipfw: 12190 Deny TCP 192.168.1.102:20 192.168.1.100:50335 in via en0
Nov 15 07:30:50 Musa ipfw: 12190 Deny TCP 192.168.1.102:20 192.168.1.100:50335 in via en0
Nov 15 07:31:02 Musa ipfw: 12190 Deny TCP 192.168.1.102:20 192.168.1.100:50335 in via en0
Nov 15 07:31:26 Musa ipfw: 12190 Deny TCP 192.168.1.102:20 192.168.1.100:50335 in via en0

Link to comment
Share on other sites

If by "manually" you mean using the GUI, you can't just enter any rule. For example, it isn't currently possible to use the GUI to do this:

allow tcp from any to any 20-21 in
allow tcp from any 20,21 to any 1024-65535 in

which is presumably what is required. Now these can be added via Terminal, but they're not maintained across restarts :(

Link to comment
Share on other sites
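The deny entries quoted earlier in the thread show the active-FTP data channel (server source port 20 to a high port on the Retrospect machine) being dropped. As an added example, not written by any poster in the thread, this shell function reads log lines in that format and prints an allow rule for that channel limited to the server address seen in the log instead of `from any`. The function names, the sample lines and the narrowing to one address are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): turn ipfw "Deny" log lines for the
# active-FTP data channel into allow rules scoped to the FTP server address.

# Constructed sample input, modelled on the log lines quoted in the thread.
sample_log() {
    cat <<'EOF'
Nov 15 07:30:41 Musa ipfw: 12190 Deny TCP 192.168.1.102:20 192.168.1.100:50335 in via en0
Nov 15 07:30:44 Musa ipfw: 12190 Deny TCP 192.168.1.102:20 192.168.1.100:50335 in via en0
Nov 15 07:31:10 Musa ipfw: 12190 Deny TCP 192.168.1.50:4444 192.168.1.100:22 in via en0
Nov 15 07:31:12 Musa ipfw: 12190 Deny UDP 192.168.1.102:20 192.168.1.100:50335 in via en0
EOF
}

# Reads log lines on stdin; prints one comment and one rule per server/client pair.
ftp_data_rules() {
    awk '
    # Fields: Mon DD HH:MM:SS host ipfw: RULE Deny TCP SRC:PORT DST:PORT in via IF
    $5 == "ipfw:" && $7 == "Deny" && $8 == "TCP" && $11 == "in" {
        n = split($9, src, ":"); m = split($10, dst, ":")
        if (n != 2 || m != 2) next
        # Active-FTP data channel: server source port 20, client port >= 1024.
        if (src[2] + 0 != 20 || dst[2] + 0 < 1024) next
        key = src[1] " " dst[1]
        if (!(key in seen)) { seen[key] = 1; order[++count] = key }
        hits[key]++
    }
    END {
        for (i = 1; i <= count; i++) {
            split(order[i], p, " ")
            printf "# %d denied data connections from %s\n", hits[order[i]], p[1]
            # Assumption of this example: scope the rule to the one server
            # and client seen in the log rather than "from any ... to any".
            printf "ipfw add allow tcp from %s 20 to %s 1024-65535 in\n", p[1], p[2]
        }
    }'
}

# Stand-alone run on the constructed sample.
sample_log | ftp_data_rules
```

The printed rule still has to be added with `sudo` from Terminal, and as noted in the thread, rules added that way are not kept across restarts.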

Archived

This topic is now archived and is closed to further replies.
