Date:      Wed, 30 Aug 2000 08:51:52 -0400
From:      "Jason" <username@cac.net>
To:        "Ryan Thompson" <ryan@sasknow.com>
Cc:        <freebsd-questions@freebsd.org>
Subject:   Re: IPFW
Message-ID:  <00d901c01281$16b02e60$df026b83@jason>
References:  <Pine.BSF.4.21.0008291531330.73090-100000@ren.sasknow.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Got it, thanks for the help!

- -Jason

- ----- Original Message ----- 
From: "Ryan Thompson" <ryan@sasknow.com>
To: "Jason" <username@cac.net>
Cc: <freebsd-questions@FreeBSD.ORG>
Sent: Tuesday, August 29, 2000 5:41 PM
Subject: Re: IPFW


> Jason wrote to freebsd-questions@FreeBSD.ORG:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > I have recently installed a FreeBSD 4.0-Release box and I am
> > working on setting up a firewall and I am a bit stumped on a
> > couple of rules. I am trying to get FTP to work and have set up
> > the following rules 
> 
> FTP service?  Or client FTP?  I assume you mean FTP service.
> 
> 
> > pass tcp from any ftp\\-data-ftp to 192.168.10.2 setup
> > pass udp from any ftp\\-data-ftp to 192.168.10.2
> 
> 20 is the data port.  You also need to allow access to the control
> port, port 21.
> 
> Use these rules to allow access to an FTP server behind the
> firewall.  Remember to number them in order.  These rules will work
> for a dedicated firewall protecting a network, but will also work
> for host-based filtering.
> 
> network=172.16.10.0/24 # Your network/mask address
> ftp_server=172.16.10.99 # IP address of your FTP server
> 
> # You should already have the following rule:
> 
> pass tcp from any to any established
> 
> # Allow your network to establish any outgoing connections
> 
> pass tcp from ${network} to any setup
> 
> # Allow all FTP
> 
> pass tcp from any 20 to any
> pass udp from any 20 to any
> pass tcp from any to ${ftp_server} 21 setup
> 
> # Deny everything else
> 
> drop all from any to any
> 
> > the last rule is 'drop all from any to any'. I can't seem to get
> > ftp to work if I leave in the 'drop all from any to any' rule. I
> > have never worked with ipfw before so please don't be too harsh.
> > TIA...  
> > 
> > - -Jason
> > 
> > 
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGPfreeware 6.5.8 for non-commercial use
> > <http://www.pgp.com>;  
> > 
> > iQA/AwUBOau183FM6tZ+sl1iEQLvOQCdG49WCqZe9SnHcwqfkGmVkWqsQfQAn0J/
> > rHejfkFgOrX5n2IgK/kblPUk
> > =bJ33
> > -----END PGP SIGNATURE-----
> > 
> > 
> > 
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
> > 
> 
> -- 
>   Ryan Thompson <ryan@sasknow.com>
>   Network Administrator, Accounts
>   Phone: +1 (306) 664-1161
> 
>   SaskNow Technologies     http://www.sasknow.com
>   #106-380 3120 8th St E   Saskatoon, SK  S7H 0W2
> 

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>;

iQA/AwUBOa0DZnFM6tZ+sl1iEQJTkwCcC/8J+ZCPAemk2aXKrmxwhtaQ0gkAn2kT
SNZbOSzQK3yxYARzLo3r8TYY
=YiyZ
-----END PGP SIGNATURE-----
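
How the final 'drop all from any to any' rule interacts with the two rule sets quoted above, as an added example that is not part of the original thread: a minimal Python model of ipfw's first-match evaluation, covering only the fields these rules use. The packets, the client address 203.0.113.5, the host 172.16.10.50 and all helper names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

def rule(action, proto, src="any", sports=(), dst="any", dports=(), flag=None):
    return dict(action=action, proto=proto, src=src, sports=sports,
                dst=dst, dports=dports, flag=flag)

def pkt(proto, src, sport, dst, dport, state=None):
    return dict(proto=proto, src=src, sport=sport, dst=dst, dport=dport, state=state)

def addr_ok(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec)

def matches(r, p):
    return (r["proto"] in ("all", p["proto"])
            and addr_ok(r["src"], p["src"]) and addr_ok(r["dst"], p["dst"])
            and (not r["sports"] or p["sport"] in r["sports"])
            and (not r["dports"] or p["dport"] in r["dports"])
            # setup = SYN without ACK; established = ACK or RST set
            and r["flag"] in (None, p["state"]))

def verdict(rules, p):
    for r in rules:                      # ipfw acts on the first rule that matches
        if matches(r, p):
            return r["action"]
    return "drop"

DROP_ALL = rule("drop", "all")
# Rules from the question: source ports 20-21 only, then drop everything.
QUESTION = [rule("pass", "tcp", sports=(20, 21), dst="192.168.10.2", flag="setup"),
            rule("pass", "udp", sports=(20, 21), dst="192.168.10.2"),
            DROP_ALL]
# Rules from the reply, with its example network and server addresses.
NET, FTP_SERVER = "172.16.10.0/24", "172.16.10.99"
REPLY = [rule("pass", "tcp", flag="established"),
         rule("pass", "tcp", src=NET, flag="setup"),
         rule("pass", "tcp", sports=(20,)),
         rule("pass", "udp", sports=(20,)),
         rule("pass", "tcp", dst=FTP_SERVER, dports=(21,), flag="setup"),
         DROP_ALL]
# Constructed packets: a client opening the FTP control connection (SYN to port 21).
CLIENT = "203.0.113.5"
SYN_Q = pkt("tcp", CLIENT, 40000, "192.168.10.2", 21, "setup")
SYN_R = pkt("tcp", CLIENT, 40000, FTP_SERVER, 21, "setup")
# Constructed packet for a scope check: source port 20, not aimed at the FTP server.
WIDE = pkt("tcp", CLIENT, 20, "172.16.10.50", 22, "setup")

if __name__ == "__main__":
    for name, rules, p in (("question", QUESTION, SYN_Q),
                           ("reply", REPLY, SYN_R), ("reply", REPLY, WIDE)):
        print(name, p["sport"], "->", p["dst"], p["dport"], verdict(rules, p))
```

The control-connection SYN is dropped by the question's rules because they match on source ports 20-21, while a client connects from an ephemeral source port to destination port 21. The last packet shows that `pass tcp from any 20 to any` matches on source port alone, so it is worth checking whether that rule's destination can be narrowed to the FTP server.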