Date:      Tue, 29 Aug 2000 15:41:21 -0600 (CST)
From:      Ryan Thompson <ryan@sasknow.com>
To:        Jason <username@cac.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: IPFW
Message-ID:  <Pine.BSF.4.21.0008291531330.73090-100000@ren.sasknow.com>
In-Reply-To: <011701c011ba$518788c0$df026b83@jason>

Jason wrote to freebsd-questions@FreeBSD.ORG:

> I have recently installed a FreeBSD 4.0-Release box and I am working
> on setting up a firewall and I am a bit stumped on a couple of rules.
> I am trying to get FTP to work and have setup the following rules

FTP service?  Or client FTP?  I assume you mean FTP service.


> pass tcp from any ftp\\-data-ftp to 192.168.10.2 setup
> pass udp from any ftp\\-data-ftp to 192.168.10.2

20 is the data port.  You also need to allow access to the control port,
port 21.

Use these rules to allow access to an FTP server behind the
firewall.  Remember to number them in order.  These rules will work for a
dedicated firewall protecting a network, but will also work for host-based
filtering.

network=172.16.10.0/24		# Your network/mask address
ftp_server=172.16.10.99		# IP address of your FTP server

# You should already have the following rule:

pass tcp from any to any established

# Allow your network to establish any outgoing connections

pass tcp from ${network} to any setup

# Allow all FTP

pass tcp from any 20 to any
pass udp from any 20 to any
pass tcp from any to ${ftp_server} 21 setup

# Deny everything else

drop all from any to any

> the last rule is 'drop all from any to any'. I can't seem to get ftp
> to work if I leave in the 'drop all from any to any' rule. I have
> never worked with ipfw before so please don't be too harsh. TIA...
> 
> - -Jason

-- 
  Ryan Thompson <ryan@sasknow.com>
  Network Administrator, Accounts
  Phone: +1 (306) 664-1161

  SaskNow Technologies     http://www.sasknow.com
  #106-380 3120 8th St E   Saskatoon, SK  S7H 0W2



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
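
Added example, not part of the original message: the rule bodies from the reply above, printed as numbered `ipfw add` commands for review rather than loaded into the firewall. The function names, the numbering step of 100 and the underscore spelling `ftp_server` are assumptions; the addresses are the sample values from the message.

```shell
#!/bin/sh
# Added example (not from the original e-mail). Nothing here calls ipfw;
# the commands are only printed so the numbering and expansion can be checked.
network="172.16.10.0/24"      # your network/mask (sample value from the message)
ftp_server="172.16.10.99"     # underscore: sh variable names cannot contain '-'

# Why the underscore matters: sh reads ${ftp-server} as
# "the value of $ftp, or the literal word 'server' when $ftp is unset".
hyphen_pitfall() {
    unset ftp
    echo "${ftp-server}"
}

# Note: the two "from any 20" rules match on source port alone, which the
# remote host chooses, so they are wider than the FTP server itself needs.

# Emit one numbered rule per line. A step of 100 (assumed) keeps the rules
# in order and leaves room to insert others later.
ftp_ruleset() {
    n=0
    step=100
    while IFS= read -r body; do
        [ -n "$body" ] || continue
        n=$((n + step))
        printf 'ipfw add %d %s\n' "$n" "$body"
    done <<EOF
pass tcp from any to any established
pass tcp from ${network} to any setup
pass tcp from any 20 to any
pass udp from any 20 to any
pass tcp from any to ${ftp_server} 21 setup
drop all from any to any
EOF
}

ftp_ruleset
```

Because ipfw evaluates rules in numeric order and stops at the first match, the final drop rule has to carry the highest number.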