Date: Mon, 4 Aug 2003 12:00:48 -0300 (ART) From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar> To: michael <michael@nettmail.de> Cc: freebsd-security@freebsd.org Subject: Re: ipfw or ipf w/stateful behavior Message-ID: <20030804115302.J59403-100000@cactus.fi.uba.ar> In-Reply-To: <1059927875.3f2d37432c3fa@mx5.internett.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 3 Aug 2003, michael wrote: > well, back to the essentials: > > under linux can i load a kernelmodule for masquerading ftp-connections and > this allows me to close any port from outside except the ports for > Management or administration. these make the firewall secure enaugh. with ipf/ipnat there's a built-in ftp proxy, just add map xl0 192.168.0.0/24 -> <externalip> proxy port ftp ftp/tcp to the top of your ipnat.rules file. Change the IPs and interface to meet your setup. > > May under FreeBSD it give no KLD_MODULE that solve the problem with ftp/or > irc. The above line is the ipf's equivalent of the linux module. Fer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030804115302.J59403-100000>