From: Bhishan Hemrajani
Message-Id: <200004202321.e3KNLqx33162@cytosine.dhs.org>
Subject: Re: firewall design
In-Reply-To: <38FF8B91.6F23DABF@aptec.com> from Aaron Birenboim at "Apr 20, 2000 04:58:25 pm"
To: Aaron Birenboim
Date: Thu, 20 Apr 2000 16:21:52 -0700 (PDT)
Cc: questions@FreeBSD.ORG

http://www.freebsd.org/handbook/firewalls.html
http://www.freebsddiary.org/filtering.html
http://www.freebsddiary.org/firewalls.html

The most likely reason that you're having that FTP problem is because
you are not using PASV mode.

Set your ftp client to use PASV mode and all will be well.

--bhishan

> I have a great many questions about firewalling, by ipfw.
> Far too many to ask.
>
> I have one working, but am often forced to punch holes
> in it to get FTP clients working, ping (ICMP), etc.
>
> Where can I find writings on how to build a USEFUL
> firewall from FreeBSD?
> I'm having a hard time setting it up to allow what I want
> to allow through, nothing more, nothing less.
> Does the O'Reilly book cover examples pertinent to FreeBSD?
> Does anybody have a FBSD firewall DESIGN FAQ or www site?
> I know the usage of the ipfw command, I just run into problems
> with things like ftp servers trying to make data sockets back
> to my network... is there a way to allow them in for that?
> It will only get harder when I get NAT running...
> --
> Aaron Birenboim         | Cell: (505) 350-1996 | Office: (505) 853-6866
> ATA, ABQ NM             | bug_aaron@aptec.com  | perl is the duct-tape
> aaron@aptec.com         | FAX: (505) 768-1379  | of software.
> www.aptec.com/~birenboi | Main Office 247-8371 | - Grady Booch
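Why PASV mode avoids the inbound data socket, as an added example that is not part of the original thread: it decodes the endpoint carried in an active-mode PORT command and in a passive-mode 227 reply (the h1,h2,h3,h4,p1,p2 field from RFC 959) and reports which side opens the data connection. The function names, the sample lines and the "outbound-only" policy are assumptions made for illustration.

```python
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959)
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 field, or None if invalid."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    parts = [int(g) for g in m.groups()]
    if any(p > 255 for p in parts):
        return None
    return ".".join(map(str, parts[:4])), parts[4] * 256 + parts[5]


def data_connection(control_line):
    """Classify one FTP control-channel line.

    Returns (mode, initiator, listener_endpoint), or None when the line
    does not negotiate a data connection.
    """
    line = control_line.strip()
    if line.upper().startswith("PORT "):
        # Active mode: the client listens, the server connects back to it.
        ep = decode_hostport(line[5:])
        return ("active", "server", ep) if ep else None
    if line.startswith("227"):
        # Passive mode: the server listens, the client connects out to it.
        ep = decode_hostport(line[3:])
        return ("passive", "client", ep) if ep else None
    return None


def allowed_by_outbound_only_policy(control_line):
    """Assumed policy: the FTP client is inside the firewall, and only
    connections opened from the inside are let through."""
    info = data_connection(control_line)
    return info is not None and info[1] == "client"


# Constructed control-channel lines using documentation address ranges.
SAMPLES = [
    "PORT 192,0,2,10,195,80",                            # sent by the client
    "227 Entering Passive Mode (198,51,100,7,156,64).",  # sent by the server
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", data_connection(s), allowed_by_outbound_only_policy(s))
```

In active mode the PORT field also carries the client's own address, which is why the exchange becomes harder to pass once NAT rewrites that address at the packet level but not inside the command.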