Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!news-peer.sprintlink.net!news.sprintlink.net!sprint!uunet!in3.uu.net!208.192.192.2!stalker.oem.net!brian
From: brian@apocalypse.saturn.net (Brian Mitchell)
Newsgroups: comp.security.firewalls,comp.unix.admin,comp.security.unix,comp.unix.bsd.freebsd.misc
Subject: Re: ipfw question
Date: 27 Apr 1997 08:12:32 GMT
Organization: A poorly-installed InterNetNews site
Lines: 15
Message-ID: <slrn5m62id.a2.brian@apocalypse.saturn.net>
References: <336270A6.1323@intervista.com>
NNTP-Posting-Host: apocalypse.saturn.net
X-Newsreader: slrn (0.9.3.2 UNIX)
Xref: euryale.cc.adfa.oz.au comp.security.firewalls:7462 comp.unix.admin:57419 comp.security.unix:34067 comp.unix.bsd.freebsd.misc:39813

You have 2 solutions: allow src port 20 dst port ranges-that-ftpd-uses or
force your users to use passive mode (which most but not all servers support).
In FreeBSD, use ftp -p for passive (or pftp instead of ftp).

>I have a FreeBSD 2.1 box with two interfaces which is running ipfw for
>packet filtering. This server is the only interface into my LAN (which
>has a 3 machine DMZ and the 128 subnet behind a second firewall).
>
>For the most part I'm happy with performance, but I am having some
>trouble with outgoing FTP which I'm a bit confused about. Here goes:
>
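
The two options in the reply above, as an added example that is not part of the original post: a minimal first-match stateless filter in Python, run over constructed packets from one FTP session. The rule layout, the 1024-65535 data-port range and every port number are assumptions for illustration, not the poster's ipfw ruleset.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out", relative to the protected LAN
    sport: int
    dport: int
    syn_only: bool   # True for a connection-opening segment (SYN, no ACK)

@dataclass(frozen=True)
class Rule:
    direction: str
    sports: range
    dports: range
    setup: bool      # True: match only SYN-only; False: match only established

ANY = range(0, 65536)
HIGH = range(1024, 65536)  # assumed client data-port range, not from the post

# Hypothetical baseline: LAN hosts may open connections, replies may return.
BASE = [
    Rule("out", ANY, ANY, setup=True),
    Rule("out", ANY, ANY, setup=False),
    Rule("in", ANY, ANY, setup=False),
]
# First option from the reply: admit inbound setup from source port 20.
ACTIVE_FIX = BASE + [Rule("in", range(20, 21), HIGH, setup=True)]

def allowed(rules, pkt):
    """First-match stateless filter with default deny."""
    for r in rules:
        if (r.direction == pkt.direction and pkt.sport in r.sports
                and pkt.dport in r.dports and r.setup == pkt.syn_only):
            return True
    return False

# Constructed packets, all connection-opening segments.
SAMPLES = {
    "control": Packet("out", 40000, 21, True),          # client -> server:21
    "active_data": Packet("in", 20, 40001, True),       # server:20 -> client
    "passive_data": Packet("out", 40002, 50000, True),  # client -> server
    "other_from_20": Packet("in", 20, 6000, True),      # non-FTP, sport 20
}

def verdicts(rules):
    return {name: allowed(rules, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    print("base      :", verdicts(BASE))
    print("active fix:", verdicts(ACTIVE_FIX))
```

The `other_from_20` verdict shows that the port-20 rule matches on source port alone, so passive mode is the narrower of the two options for a filter that keeps no connection state.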