From owner-freebsd-questions Wed Nov 8 22:34:33 2000
From: bkoester
Message-Id: <200011090848.eA98mZR80203@localhost.localdom>
Subject: IPFW + FTP Problem
To: freebsd-questions@FreeBSD.ORG
Date: Thu, 9 Nov 2000 09:48:35 +0100 (CET)
Sender: owner-freebsd-questions@FreeBSD.ORG

Hello there -)

I have a little problem with my ipfw script. I have opened several ports like 20, 21, 80, 25, 109, 110, 53 and I can surf and get my e-mails. If I want to do FTP, I can connect to these FTP servers, but I cannot list their contents. Ports 20+21 are opened, but this seems not to work correctly; I am sure I forgot something. Passive mode with my FTP clients does not seem to work either. The connection hangs somewhere and will be blocked.

I am not a security-paranoid person, but FreeBSD works as a NAT router, mail server (sendmail) and so on for my Windows box. On my Windows box there are many bogus apps that want to try to establish connections on ports they should not use, so I only open ports as really needed for my requirements.
Here is a snippet of my current configuration (not perfect, I know, sorry):

isp="isp0"
lan="ed1";
netz="192.168.0.0/24";

ipfw -f flush
natd -interface isp0
ipfw add divert natd all from any to any via isp0

# Rest
ipfw add deny tcp from any to any in via isp0 setup
ipfw add pass tcp from any to any via isp0 established
ipfw add deny all from ${netz} to any in via isp0
ipfw add deny all from 127.0.0.1 to any in via isp0

# Standard services
ipfw add pass tcp from any to any 20,21,23,80,25,109,110,4751
ipfw add pass tcp from any 20,21,23,80,25,109,110,4751 to any
ipfw add pass icmp from any to any
ipfw add pass udp from any to any

--
Best regards,
Boris
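
Added example, not part of the original message: a simplified first-match model of the TCP/ICMP/UDP rules quoted above, run over constructed FTP packets to show which rule each one hits. It assumes ipfw's default rule numbering in steps of 100 and a default deny rule 65535, and does not model natd address rewriting; the client and server port numbers are made up for illustration.

```python
# Added example: simplified first-match model of the ipfw rules in the message.
# Assumptions: rule numbers are ipfw's default auto-numbering (steps of 100),
# the final rule 65535 is "deny", and natd address rewriting is not modelled.
# Rule 100 (divert) is non-terminating and rules 400/500 match source addresses
# that none of the constructed packets below use, so they are left out.
SVC = {20, 21, 23, 80, 25, 109, 110, 4751}
RULES = [  # (number, action, proto, src ports, dst ports, iface, dir, tcp state)
    (200, "deny", "tcp", None, None, "isp0", "in", "setup"),
    (300, "pass", "tcp", None, None, "isp0", None, "established"),
    (600, "pass", "tcp", None, SVC, None, None, None),
    (700, "pass", "tcp", SVC, None, None, None, None),
    (800, "pass", "icmp", None, None, None, None, None),
    (900, "pass", "udp", None, None, None, None, None),
]

def state_ok(want, flags):
    """ipfw 'setup' = SYN without ACK; 'established' = ACK or RST set."""
    if want == "setup":
        return "SYN" in flags and "ACK" not in flags
    if want == "established":
        return bool({"ACK", "RST"} & set(flags))
    return True

def evaluate(proto, sport, dport, iface, direction, flags=()):
    """Return (rule number, action) of the first rule that matches."""
    for num, action, r_proto, r_sp, r_dp, r_if, r_dir, r_state in RULES:
        if (r_proto == proto
                and (r_sp is None or sport in r_sp)
                and (r_dp is None or dport in r_dp)
                and (r_if is None or r_if == iface)
                and (r_dir is None or r_dir == direction)
                and state_ok(r_state, flags)):
            return num, action
    return 65535, "deny"  # assumed default rule

# Constructed packets: LAN client behind ed1, FTP server reached via isp0.
PACKETS = {
    "control SYN, in on ed1": ("tcp", 1050, 21, "ed1", "in", ("SYN",)),
    "control SYN, out via isp0": ("tcp", 1050, 21, "isp0", "out", ("SYN",)),
    "control SYN+ACK, in via isp0": ("tcp", 21, 1050, "isp0", "in", ("SYN", "ACK")),
    "control SYN+ACK, out on ed1": ("tcp", 21, 1050, "ed1", "out", ("SYN", "ACK")),
    "passive data SYN, in on ed1": ("tcp", 1051, 50000, "ed1", "in", ("SYN",)),
    "active data SYN, in via isp0": ("tcp", 20, 1052, "isp0", "in", ("SYN",)),
}

def trace():
    return {name: evaluate(*pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for name, verdict in trace().items():
        print(f"{name:30} -> rule {verdict[0]} {verdict[1]}")
```

In this model the control connection to port 21 passes in both directions, while the passive-mode data SYN (high port to high port on ed1) falls through to the default rule and the active-mode data SYN from port 20 is stopped by the incoming "setup" deny rule.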