From owner-freebsd-questions  Sun May 13  0: 6:37 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mr200.netcologne.de (mr200.netcologne.de [194.8.194.109])
	by hub.freebsd.org (Postfix) with ESMTP id 575E337B443
	for <questions@FreeBSD.ORG>; Sun, 13 May 2001 00:06:33 -0700 (PDT)
	(envelope-from pherman@frenchfries.net)
Received: from husten.security.at12.de (dial-213-168-96-30.netcologne.de [213.168.96.30])
	by mr200.netcologne.de (Mirapoint)
	with ESMTP id AFK42072;
	Sun, 13 May 2001 09:06:30 +0200 (CEST)
Received: from localhost (localhost.security.at12.de [127.0.0.1])
	by husten.security.at12.de (8.11.3/8.11.3) with ESMTP id f4D76Fx07620;
	Sun, 13 May 2001 09:06:15 +0200 (CEST)
	(envelope-from pherman@frenchfries.net)
Date: Sun, 13 May 2001 09:06:15 +0200 (CEST)
From: Paul Herman <pherman@frenchfries.net>
To: Hervey Wilson <herveyw@dynamic-cast.com>
Cc: Artem Koutchine <matrix@ipform.ru>, <questions@FreeBSD.ORG>
Subject: Re: Allow rules for ipfw for active ftp
In-Reply-To: <011001c0db5f$0cd9f2c0$0101a8c0@chillipepper>
Message-ID: <Pine.BSF.4.33.0105130901000.10591-100000@husten.security.at12.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 12 May 2001, Hervey Wilson wrote:

> Then I discovered that login.conf was setting
> FTP_PASSIVE_MODE=YES. Removing this option so that the ftp client
> on the firewall server used active connections made everything
> work perfectly.

Mostly yes, but this can be a problem if both sides have a firewall,
which was why I needed to use punch_fw.  The users needed to regularly
FTP data from one customer who also was behind a firewall.  Someone
had to give.

-Paul.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message