From owner-freebsd-questions Tue May 9 18:34:52 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mostgraveconcern.com (mostgraveconcern.com [216.82.145.240]) by hub.freebsd.org (Postfix) with ESMTP id EC52937B5C2 for ; Tue, 9 May 2000 18:34:49 -0700 (PDT) (envelope-from dan@mostgraveconcern.com)
Received: from danco (danco.mostgraveconcern.com [10.0.0.2]) by mostgraveconcern.com (8.9.3/8.9.3) with SMTP id SAA00490; Tue, 9 May 2000 18:34:26 -0700 (PDT) (envelope-from dan@mostgraveconcern.com)
Message-ID: <00da01bfba1f$e07ffd20$0200000a@danco>
Reply-To: "Dan O'Connor"
From: "Dan O'Connor"
To: ,
Subject: Re: Firewalls
Date: Tue, 9 May 2000 18:34:23 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3155.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>I am currently running version 3.2 of FreeBSD. I am trying to set up a firewall
>that will allow users on the system to "telnet" and "ftp" out of the system, but
>will not let any other type of connection to the system. I have been able to get
>everything to work correctly except the "ftp". I have been able to make the
>connection out to the remote hosts but have not been able to set up a rule that
>will allow the remote host to set up a connection to send the data. I am sure
>this has been done before; could someone show me the correct rule that will
>accomplish this?
Here's what I have in my /etc/rc.firewall script for FTP:

    # FTP - Allow outbound, deny inbound
    # Accept any new TCP connection (SYN) whose source port is 20, whatever the
    # destination port or direction: this is what lets an active-mode FTP data
    # connection from a remote server back in.
    ${fwcmd} add pass tcp from any 20 to any setup
    # Drop (and log) new connections to port 21 on our outside addresses that
    # arrive on the outside interface, i.e. inbound FTP from the Internet.
    ${fwcmd} add deny log tcp from any to ${onet}:${omask} 21 in via ${oif} setup
    # Still allow new connections to port 21 on the inside network.
    ${fwcmd} add pass tcp from any to ${inet}:${imask} 21 setup

    # Uncomment these and comment-out 'deny' rule above to open up inbound FTP too
    #${fwcmd} add pass log tcp from any to any 20 setup
    #${fwcmd} add pass log tcp from any 21 to any setup
    #${fwcmd} add pass log tcp from any to any 21 setup

Good luck!

--Dan

--
Dan O'Connor
On Matters of Most Grave Concern
http://www.mostgraveconcern.com

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message