From: vip 71541
To: ipfw@freebsd.org
Date: Mon, 16 Jan 2012 08:36:31 +0200
Subject: Problem with passive ftp in IPFW!
List-Id: IPFW Technical Discussions

Good morning, everybody.

My name is Eugene. I know this is not a new issue ... But I have a problem with how to competently / properly write the rules for passive FTP in ipfw on a gateway for my LAN. The gateway runs FreeBSD 8.2p6, with kernel NAT.
Right now FTP for the local network goes through rules like these:

    00159 0 0 skipto 65000 tcp from 192.168.10.0/24 to any dst-port 21,1024-65535 out xmit em0 keep-state
    --
    00211 skipto 65000 tcp from any 21,1024-65535 to ${wan_ip} in recv em0
    --
    65000 0 0 nat 90 ip from any to any via em0
    ---

Is there any analogue in ipfw of the RELATED state and the two modules nf_nat_ftp and nf_conntrack_ftp in iptables? I did not find information on how to open this intelligently in ipfw. So that I would not have to open the ports above 1024 ... But somehow it is not a very good firewall that way: it is sort of there and sort of not ...

The kernel is compiled with these options:

    # *IPFW*
    options IPFIREWALL
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_VERBOSE=100
    options IPFIREWALL_FORWARD
    options IPFIREWALL_NAT
    options LIBALIAS
    options IPDIVERT
    options DUMMYNET
    options HZ=1000

P.S. Are there plans to add such a state in the next version of FreeBSD?

Thank you for your attention. I will wait for your reply.