Date: Tue, 01 Feb 2000 08:24:03 +1100
From: Tony Landells <ahl@austclear.com.au>
To: Marius Bendiksen <marius@marius.scancall.no>
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Contracted firewall hack
Message-ID: <200001312124.IAA15485@tungsten.austclear.com.au>
In-Reply-To: Message from Marius Bendiksen <marius@marius.scancall.no> of "Mon, 31 Jan 2000 17:31:44 BST." <Pine.BSF.4.10.10001311728050.18891-100000@marius.scancall.no>

> The application in question communicates over TCP port 1500, whence it
> requests a port for parts of the traffic sort of like what FTP does.

So have we--Sterling Commerce's CONNECT:Mailbox, which uses 10020 & 10021.

> We would be willing to pay to have a custom modification to the IPFW
> code which allows us to do this in a sensible manner.

Our sensible manner is:

    cmhost=192.83.119.201/32    # IP address of CONNECT:Mailbox host
    cm_cmd=10021                # CONNECT:Mailbox command channel, like FTP 21
    cm_data=10020               # CONNECT:Mailbox data channel, like FTP 20

    $fwcmd add pass tcp from any to ${cmhost} ${cm_cmd} setup
    $fwcmd add pass tcp from ${cmhost} ${cm_data} to any setup

This follows all the normal stuff to do anti-spoofing, etc. and assumes
that there is a rule that says

    $fwcmd add pass tcp from any to any established

I hope that helps,
Tony

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
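
Added example, not part of the message above or of ipfw itself: a small Python model of first-match evaluation over the three rules Tony quotes, to show which TCP segments each one admits. The rule order, the closing deny rule, the `evaluate` helper and the client address 203.0.113.7 are assumptions made for illustration; `setup` is modelled as SYN set with ACK clear and `established` as ACK or RST set.

```python
from ipaddress import ip_address, ip_network

CMHOST = "192.83.119.201/32"    # cmhost from the message
CM_CMD, CM_DATA = 10021, 10020  # cm_cmd and cm_data from the message

# (action, src net, src port, dst net, dst port, option); None means "any".
# Assumed order: the established rule first, then the two setup rules,
# then an explicit deny standing in for a default-deny policy.
RULES = [
    ("pass", None, None, None, None, "established"),
    ("pass", None, None, CMHOST, CM_CMD, "setup"),
    ("pass", CMHOST, CM_DATA, None, None, "setup"),
    ("deny", None, None, None, None, None),
]

def option_matches(option, flags):
    """Model the 'setup' and 'established' TCP flag tests."""
    if option == "setup":
        return "SYN" in flags and "ACK" not in flags
    if option == "established":
        return bool({"ACK", "RST"} & flags)
    return True

def endpoint_matches(net, port, addr, actual_port):
    """An endpoint matches when both its network and its port do."""
    net_ok = net is None or ip_address(addr) in ip_network(net)
    return net_ok and (port is None or port == actual_port)

def evaluate(src, sport, dst, dport, flags):
    """Return (rule index, action) for the first rule the segment matches."""
    flags = set(flags)
    for index, (action, snet, sp, dnet, dp, option) in enumerate(RULES):
        if (endpoint_matches(snet, sp, src, sport)
                and endpoint_matches(dnet, dp, dst, dport)
                and option_matches(option, flags)):
            return index, action
    return len(RULES), "deny"  # not reached: the last rule matches everything

if __name__ == "__main__":
    host, client = "192.83.119.201", "203.0.113.7"  # client is constructed
    samples = [  # constructed segments: (label, src, sport, dst, dport, flags)
        ("client opens command channel", client, 40000, host, CM_CMD, ["SYN"]),
        ("host answers on command channel", host, CM_CMD, client, 40000, ["SYN", "ACK"]),
        ("host opens data channel", host, CM_DATA, client, 40001, ["SYN"]),
        ("client SYN to another port", client, 40000, host, 22, ["SYN"]),
    ]
    for label, *segment in samples:
        print(f"{label}: {evaluate(*segment)}")
```

The `established` rule tests TCP flags only and keeps no connection table, so in this model any segment carrying ACK passes rule 0 regardless of its ports; the per-port restriction applies to connection setup alone.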