From: "Jason"
To: "Ryan Thompson"
Subject: Re: IPFW
Date: Wed, 30 Aug 2000 08:51:52 -0400

Got it, thanks for the help!

-Jason

----- Original Message -----
From: "Ryan Thompson"
To: "Jason"
Sent: Tuesday, August 29, 2000 5:41 PM
Subject: Re: IPFW

> Jason wrote to freebsd-questions@FreeBSD.ORG:
>
> > I have recently installed a FreeBSD 4.0-Release box and I am
> > working on setting up a firewall and I am a bit stumped on a
> > couple of rules. I am trying to get FTP to work and have set up
> > the following rules
>
> FTP service? Or client FTP? I assume you mean FTP service.
>
> > pass tcp from any ftp\\-data-ftp to 192.168.10.2 setup
> > pass udp from any ftp\\-data-ftp to 192.168.10.2
>
> 20 is the data port. You also need to allow access to the control
> port, port 21.
>
> Use these rules to allow access to an FTP server behind the
> firewall. Remember to number them in order. These rules will work
> for a dedicated firewall protecting a network, but will also work
> for host-based filtering.
>
> network=172.16.10.0/24     # Your network/mask address
> ftp_server=172.16.10.99    # IP address of your FTP server
>
> # You should already have the following rule:
>
> pass tcp from any to any established
>
> # Allow your network to establish any outgoing connections
>
> pass tcp from ${network} to any setup
>
> # Allow all FTP
>
> pass tcp from any 20 to any
> pass udp from any 20 to any
> pass tcp from any to ${ftp_server} 21 setup
>
> # Deny everything else
>
> drop all from any to any
>
> > the last rule is 'drop all from any to any'. I can't seem to get
> > ftp to work if I leave in the 'drop all from any to any' rule. I
> > have never worked with ipfw before so please don't be too harsh.
> > TIA...
> >
> > -Jason
>
> --
> Ryan Thompson
> Network Administrator, Accounts
> Phone: +1 (306) 664-1161
>
> SaskNow Technologies http://www.sasknow.com
> #106-380 3120 8th St E Saskatoon, SK S7H 0W2

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
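
Added example (not part of the original thread, and not ipfw's own code): a small first-match evaluator run over the two rule sets quoted above, showing which rule each packet of an FTP session hits. The CLIENT and INSIDE addresses, the high port numbers and the tuple encoding of the rules are constructed for illustration, and the question's rules are evaluated with the reply's server address in place of 192.168.10.2.

```python
import ipaddress

ANY = None
# NET and FTP come from the reply; CLIENT and INSIDE are constructed test addresses.
NET, FTP, CLIENT, INSIDE = "172.16.10.0/24", "172.16.10.99", "203.0.113.7", "172.16.10.5"

def pkt(src, sport, dst, dport, syn=False, ack=False, proto="tcp"):
    return dict(proto=proto, src=src, sport=sport, dst=dst, dport=dport, syn=syn, ack=ack)

def addr_ok(spec, ip):
    return spec is ANY or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def flag_ok(flag, p):
    if flag == "setup":        # ipfw "setup": SYN set, ACK clear
        return p["syn"] and not p["ack"]
    if flag == "established":  # ipfw "established": ACK or RST set (RST not modelled)
        return p["ack"]
    return True

def verdict(rules, p):
    """First matching rule wins, as in ipfw. Returns (action, rule index)."""
    for i, (action, proto, src, sport, dst, dport, flag) in enumerate(rules):
        if (proto in ("all", p["proto"]) and addr_ok(src, p["src"]) and addr_ok(dst, p["dst"])
                and (sport is ANY or p["sport"] in sport)
                and (dport is ANY or p["dport"] in dport) and flag_ok(flag, p)):
            return action, i
    return "drop", None  # not reached here: both rule sets end in "drop all"

QUESTION_RULES = [  # from the question: ports 20-21 sit on the source side
    ("pass", "tcp", ANY, range(20, 22), FTP, ANY, "setup"),
    ("pass", "udp", ANY, range(20, 22), FTP, ANY, None),
    ("drop", "all", ANY, ANY, ANY, ANY, None),
]
REPLY_RULES = [  # from the reply, in the order given
    ("pass", "tcp", ANY, ANY, ANY, ANY, "established"),
    ("pass", "tcp", NET, ANY, ANY, ANY, "setup"),
    ("pass", "tcp", ANY, [20], ANY, ANY, None),
    ("pass", "udp", ANY, [20], ANY, ANY, None),
    ("pass", "tcp", ANY, ANY, FTP, [21], "setup"),
    ("drop", "all", ANY, ANY, ANY, ANY, None),
]

CTL_SYN = pkt(CLIENT, 40000, FTP, 21, syn=True)               # client opens control connection
CTL_SYNACK = pkt(FTP, 21, CLIENT, 40000, syn=True, ack=True)  # server's reply
DATA_SYN = pkt(FTP, 20, CLIENT, 40001, syn=True)              # active-mode data connection
OTHER_SYN = pkt(CLIENT, 40002, INSIDE, 23, syn=True)          # unrelated inbound connection
SRC20_SYN = pkt(CLIENT, 20, INSIDE, 23, syn=True)             # same, but from source port 20
if __name__ == "__main__":
    for p in (CTL_SYN, CTL_SYNACK, DATA_SYN, OTHER_SYN, SRC20_SYN):
        print(p, verdict(QUESTION_RULES, p), verdict(REPLY_RULES, p))
```

Under the question's rules the client's SYN to port 21 falls through to the drop rule because the port range is matched against the source port. Under the reply's rules the source-port-20 rules match on source port alone, whatever the destination, which is worth checking when auditing a rule set built this way.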