From owner-freebsd-questions@FreeBSD.ORG Sun May 16 09:59:54 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B5E7416A4CE for ; Sun, 16 May 2004 09:59:54 -0700 (PDT) Received: from mail4.bluewin.ch (mail4.bluewin.ch [195.186.4.74]) by mx1.FreeBSD.org (Postfix) with ESMTP id AABEE43D5C for ; Sun, 16 May 2004 09:59:51 -0700 (PDT) (envelope-from martin@saturn.pcs.ms) Received: from saturn.pcs.ms (81.62.133.67) by mail4.bluewin.ch (Bluewin AG 7.0.028) id 40A46A680003C4DB; Sun, 16 May 2004 16:59:43 +0000 Received: from saturn.pcs.ms (localhost [127.0.0.1]) by saturn.pcs.ms (8.12.9p2/8.12.8) with ESMTP id i4GHGT63049797; Sun, 16 May 2004 19:16:29 +0200 (CEST) (envelope-from martin@saturn.pcs.ms) Received: (from martin@localhost) by saturn.pcs.ms (8.12.9p2/8.12.9/Submit) id i4GHGSda049796; Sun, 16 May 2004 19:16:28 +0200 (CEST) (envelope-from martin) Date: Sun, 16 May 2004 19:16:28 +0200 From: Martin Schweizer To: Gareth Bailey Message-ID: <20040516171628.GB47884@saturn.pcs.ms> Mail-Followup-To: Gareth Bailey , freebsd-questions@freebsd.org References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ZoaI/ZTpAVc4A5k6" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i Organization: PC-Service M. Schweizer, CH-8608 Bubikon, Switzerland X-PGP-Key: http://www.pc-service.ch/pgp/public_key.asc X-Fingerprint: EC21 CA4D 5C78 BC2D 73B7 10F9 C1AE 1691 D30F D239 X-Spam-Status: No, hits=-6.9 required=3.0 tests=CLICK_BELOW,IN_REP_TO,PGP_SIGNATURE_2,QUOTED_EMAIL_TEXT, REFERENCES,REPLY_WITH_QUOTES,USER_AGENT_MUTT version=2.55 X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean cc: freebsd-questions@freebsd.org Subject: Re: FTP problem with IPFW X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Martin Schweizer List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 May 2004 16:59:55 -0000 --ZoaI/ZTpAVc4A5k6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello Gareth I had a long time to find a solution for this tricky problem. If you want I= =20 can send you my rc.firewall. Am Tue, May 11, 2004 at 05:13:14PM +0200 Gareth Bailey schrieb: > I have recently setup IPFW on my FreeBSD 5.2 Release > server. I am running natd to provide inet to 5 LAN users. > It also runs mail, apache web server amongst others.=20 >=20 > All seems to be working fine, except for FTP. >=20 > The first two lines of my firewall file are: >=20 > add 1000 allow tcp from any to any via ed0 out keep-state > add 1100 allow udp from any to any via ed0 out keep-state >=20 > ... then later in the file: >=20 > add 3600 allow tcp from any to me dst-port 21 in via ed0 > setup keep-state=20 >=20 > I thought this would be sufficient to establish and > maintain FTP connections. I read through the mailing lists > and it seems that FTP is tricky with IPFW and natd. >=20 > Is there a simple solution to this problem? Can i just add > some other rule to my firewall? I read something about natd > punching through IPFW, is this the answer? >=20 > Any information will be mouch appreciated. >=20 > Thanks, > Gareth (IPFW newbie) > _____________________________________________________________________ > For super low premiums ,click here http://www.dialdirect.co.za/quote > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o= rg" --=20 Regards, Martin Schweizer PC-Service M. Schweizer; Gewerbehaus Schwarz; CH-8608 Bubikon Tel. +41 55 243 30 00; Fax: +41 55 243 33 22; http://www.pc-service.ch; public key : http://www.pc-service.ch/pgp/public_key.asc;=20 fingerprint: EC21 CA4D 5C78 BC2D 73B7 10F9 C1AE 1691 D30F D239; --ZoaI/ZTpAVc4A5k6 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQFAp6Hswa4WkdMP0jkRApvSAKClkXsMTQn92HcK2ZHHfwhD5AEl8gCgiif9 pbQ/iYp2iC+HYa0hw1tWM0k= =Bu+B -----END PGP SIGNATURE----- --ZoaI/ZTpAVc4A5k6--