Date: Thu, 11 Oct 2001 06:24:06 -0700
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To: "Brock Kreiser" <root63@earthlink.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: firewall
Message-ID: <200110111324.f9BDOvl06544@cwsys.cwsent.com>
In-Reply-To: Your message of "Thu, 11 Oct 2001 00:56:02 EDT." <001101c15211$09dc51c0$0500a8c0@brockspc>
In message <001101c15211$09dc51c0$0500a8c0@brockspc>, "Brock Kreiser" writes:
> Hey all,
>
> Let me start by saying I'm new to fbsd but I'm learning fast :) I'm running
> 4.4-STABLE FreeBSD 4.4-STABLE #2: Tue Oct 9 09:44:05 EDT 2001 and want
> to know how to configure this box to be a firewall with a way to have
> FTP routed to another machine running Win 2k on an internal network...
> Are there any good docs on this kind of setup? Any kind of help in the
> right direction would be greatly appreciated...

FreeBSD comes with two firewalls, IPFW and IP Filter. Take a look at the
ipf(1), ipnat(1), ipfw(8), and natd(8) man pages.

Having said all that, you will have to seriously open your firewall in
order to make FTP work properly through your firewall. Even if you
restrict your FTP clients to using PORT (active) FTP, people can still
use an FTP bounce to map or even gain access to other hosts and ports
behind the firewall through your FTP server. These are two of the
reasons I've been an advocate (on various mailing lists) of deprecating
the FTP protocol.

If you absolutely have to use the FTP protocol, put the FTP server on an
external network or, if you cannot do that, on your DMZ. (I haven't even
begun to talk about the various FTP server software vulnerabilities.)

If you still need to put an FTP server behind your firewall, you might
be able to perform NAT using IP Filter's FTP proxy on the internal
interface of your firewall. I haven't tried this, so I don't know
whether it would work. Search the IP Filter mailing list archives at
false.net for more info.

Regards,
Cy Schubert
Team Leader, Sun/Alpha Team
Open Systems Group, ITSD
Ministry of Management Services
Province of BC
Phone: (250)387-8437
Fax: (250)387-5766
Internet: Cy.Schubert@osg.gov.bc.ca

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200110111324.f9BDOvl06544>
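
The FTP bounce risk raised in the message above can be checked on the control channel. The following is an added example, not part of the original e-mail and not code from IP Filter or any FTP server: it validates the argument of each PORT command against the address of the control connection. The function names, the port threshold of 1024 and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (six decimal bytes).
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3})$", re.IGNORECASE)

def check_port_command(line, peer_ip):
    """Return (verdict, reason) for one control-channel line sent by peer_ip."""
    line = line.strip()
    m = PORT_RE.match(line)
    if not m:
        if line.upper().startswith("PORT"):
            return ("reject", "malformed PORT argument")
        return ("ignore", "not a PORT command")
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        return ("reject", "byte out of range")
    target = ipaddress.IPv4Address(".".join(str(o) for o in octets[:4]))
    port = octets[4] * 256 + octets[5]
    # A bounce asks the server to open its data connection to a third host.
    if target != ipaddress.IPv4Address(peer_ip):
        return ("reject", f"data address {target} is not the control peer {peer_ip}")
    # Assumed policy: never connect out to a reserved (well-known) port.
    if port < 1024:
        return ("reject", f"data port {port} is a reserved port")
    return ("allow", f"data connection to {target}:{port}")

# Constructed sample: (control-connection source address, line received).
SAMPLE = [
    ("203.0.113.7", "USER anonymous"),
    ("203.0.113.7", "PORT 203,0,113,7,195,80"),   # own address, high port
    ("203.0.113.7", "PORT 192,168,0,5,0,139"),    # third-party internal host
    ("203.0.113.7", "PORT 203,0,113,7,0,25"),     # own address, reserved port
    ("203.0.113.7", "PORT 203,0,113,7,999,1"),    # invalid byte value
]

def audit(sample=SAMPLE):
    """Verdicts for each sample line, in order."""
    return [check_port_command(line, peer)[0] for peer, line in sample]

if __name__ == "__main__":
    for peer, line in SAMPLE:
        print(peer, repr(line), "->", check_port_command(line, peer))
```

A client that is itself behind NAT sends its private address in PORT, so this strict comparison only holds where the checker sees the client's real address or an FTP-aware proxy has already rewritten the command.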