From: Simas Cepaitis
To: 'Chris Collins', questions@freebsd.org
Subject: RE: NAT/IPFW security question
Date: Wed, 13 Feb 2002 09:22:13 +0200

> -----Original Message-----
> From: Chris Collins [mailto:chris@collins-ca.com]
> Sent: Wednesday, February 13, 2002 2:37 AM
> To: questions@freebsd.org
> Subject: NAT/IPFW security question
>
> Here is a complete list of my rules.
>
> -f flush
> add divert natd all from any to any via dc0
> add pass all from any to any
> add 230 allow tcp from any to 21 via dc0

What is the destination for this rule? It seems that you want to allow
connections to port 21, but where? any? me?

Try rewriting rules like

add 230 allow tcp from any to any 21 via dc0

and delete pass from any to any rule :)

Hope that clue would help.

Simas Cepaitis
simas@5ci.lt
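
Added example, not part of the original message or of FreeBSD's own tooling: a small shell lint that reports the two problems raised in the reply, a port written where the destination address belongs and a rule numbered after an unconditional pass rule. The function names, the output tokens and the last+100 numbering of unnumbered rules are assumptions of this example.

```shell
# Added example: lint an ipfw rules file read on stdin.
# Assumption: unnumbered rules get highest-so-far + 100 (default auto-increment step).
lint_ipfw_rules() {
    awk '
    $1 != "add" { next }                 # skip "-f flush", comments, blank lines
    {
        i = 2
        if ($i ~ /^[0-9]+$/) { num = $i + 0; i++ } else { num = last + 100 }
        if (num > last) last = num
        action = $i; proto = $(i + 1); src = ""; dst = ""; dstlast = 0
        for (j = i; j < NF; j++) {
            if ($j == "from") src = $(j + 1)
            if ($j == "to") { dst = $(j + 1); dstlast = (j + 1 == NF) }
        }
        n++; nums[n] = num
        # A bare number right after "to" is a port where the address belongs.
        if (dst ~ /^[0-9]+(,[0-9]+)*$/) baddst[n] = dst
        # Unconditional accept: rules are matched in number order, first match wins.
        if (action ~ /^(allow|accept|pass|permit)$/ && proto ~ /^(all|ip)$/ &&
            src == "any" && dst == "any" && dstlast &&
            (catchall == "" || num < catchall)) catchall = num
    }
    END {
        for (k = 1; k <= n; k++) {
            if (k in baddst) printf "%d missing-dst-address to=%s\n", nums[k], baddst[k]
            if (catchall != "" && nums[k] > catchall)
                printf "%d shadowed-by %d\n", nums[k], catchall
        }
    }'
}
# The rules quoted in the message.
sample_original() {
    cat <<'EOF'
-f flush
add divert natd all from any to any via dc0
add pass all from any to any
add 230 allow tcp from any to 21 via dc0
EOF
}
# The same list after the change suggested in the reply.
sample_corrected() {
    cat <<'EOF'
-f flush
add divert natd all from any to any via dc0
add 230 allow tcp from any to any 21 via dc0
EOF
}
sample_original | lint_ipfw_rules
```

On the quoted rules the lint reports rule 230 twice, once for each problem; on the corrected list it prints nothing.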