How to set firewall rules on a client machine that needs to access FTP and SFTP servers?
The default policy on the client's machine is to deny all connections (incoming and outgoing).
There are UFW rules that allow:
20/tcp ALLOW OUT Anywhere # FTP Data
21/tcp ALLOW OUT Anywhere # FTP Command
22 ALLOW OUT Anywhere # SSH, SFTP
990 ALLOW OUT Anywhere # FTPS
989 ALLOW OUT Anywhere # FTPS
These work well on the client machine for connecting to the FTP/FTPS server and authenticating there, but when the FTP client requests a directory listing an error occurs:
Error: Failed to retrieve directory listing
Connection log:
Status: Resolving address of xxx.xxx.xxx.xxx
Status: Connecting to 1xx.1xx.2xx.1xx:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is your current location
Command: TYPE I
Response: 200 TYPE is now 8-bit binary
Command: PASV
Response: 227 Entering Passive Mode (1xx,1xx,2xx,1xx,1xx,2xx)
Command: MLSD
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing
If the firewall is turned off there is no error so the problem is related to the firewall configuration.
What rule needs to be added (preferably as a UFW rule) in order to keep the firewall active with a default deny policy while still allowing FTP and SFTP connections?
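The log above shows where the listing stalls: after PASV the server answers with a 227 reply that names a host and a high data port, and MLSD is then sent over a new outbound connection to that port, not to port 20. The rules listed cover only 20, 21, 22, 989 and 990, so the data connection is blocked. Because the control channel is wrapped in TLS, the kernel FTP connection-tracking helper (nf_conntrack_ftp) cannot read the 227 reply either, so a static outbound rule to the passive port range is needed. The following script is an added example, not part of the original post: it parses a constructed 227 reply (the server address in the post is masked, so a documentation address is used), computes the data port the client will connect to, and prints the UFW rule that would cover it. The passive range 1024:65535 is an assumption; narrow it to the range the server is actually configured with if you know it.

```shell
#!/bin/sh
# Added example: derive the FTP passive data port from a 227 reply and
# print the outbound UFW rule that would allow it.

# Constructed sample reply; the real host in the post is masked, so a
# documentation address is used here.
SAMPLE_PASV='227 Entering Passive Mode (203,0,113,10,195,80)'

# pasv_host "<227 line>" -> dotted-quad host announced in the reply
pasv_host() {
    echo "$1" | sed -n 's/.*(\([0-9]*\),\([0-9]*\),\([0-9]*\),\([0-9]*\),[0-9]*,[0-9]*).*/\1.\2.\3.\4/p'
}

# pasv_port "<227 line>" -> data port, computed as p1*256 + p2 (RFC 959 encoding)
pasv_port() {
    p1=$(echo "$1" | sed -n 's/.*([0-9]*,[0-9]*,[0-9]*,[0-9]*,\([0-9]*\),[0-9]*).*/\1/p')
    p2=$(echo "$1" | sed -n 's/.*([0-9]*,[0-9]*,[0-9]*,[0-9]*,[0-9]*,\([0-9]*\)).*/\1/p')
    echo $((p1 * 256 + p2))
}

# ufw_rule_for "<227 line>" -> outbound rule covering passive data connections
# to that server. The 1024:65535 range is an assumption (the server's passive
# range is not shown in the post); replace it with the configured range.
ufw_rule_for() {
    echo "ufw allow out to $(pasv_host "$1") port 1024:65535 proto tcp"
}

# Demo: show where the client will connect for MLSD and the rule to add.
echo "data connection goes to $(pasv_host "$SAMPLE_PASV"):$(pasv_port "$SAMPLE_PASV")"
ufw_rule_for "$SAMPLE_PASV"
```

Run with `sh` and it prints the data endpoint (203.0.113.10:50000 for the sample reply) followed by the rule to add with `sudo`. The existing rule for 22 already covers SFTP, which uses a single SSH connection and has no separate data channel.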