Date:      Thu, 22 Mar 2001 09:30:25 +0200
From:      "Patrick O'Reilly" <patrick@mip.co.za>
To:        <freebsd-ipfw@FreeBSD.ORG>
Subject:   RE: freebsd 4.2 ipfw natd
Message-ID:  <NDBBIMKICMDGDMNOOCAIMEOPCEAA.patrick@mip.co.za>
In-Reply-To: <7e96417ea3ae.7ea3ae7e9641@mbox.com.au>

Re FTP:

FTP Servers listen on Port 21, and then establish an FTP-Data connection in
'reverse' on their port 20 back to the client.  So you need to have rules
something like this:

------------------
# FTP - Allow access from our LAN to External FTP servers
${fwcmd} add pass tcp from any    to any 21         setup
${fwcmd} add pass tcp from any 20 to any 1024-65535 setup

# FTP - Allow access from the net to our FTP server
${fwcmd} add pass tcp from any        to x.x.x.x 21     setup
${fwcmd} add pass tcp from x.x.x.x 20 to any 1024-65535 setup
------------------

You will need to allow established, or use stateful rules, to keep the
connection running after setup.

Patrick O'Reilly.

-----Original Message-----
From: owner-freebsd-ipfw@FreeBSD.ORG
[mailto:owner-freebsd-ipfw@FreeBSD.ORG]On Behalf Of das@mbox.com.au
Sent: 22 March 2001 04:37
To: freebsd-ipfw@FreeBSD.ORG
Cc: voutah@pi.be
Subject: RE: freebsd 4.2 ipfw natd


Not a bad example at:

http://www.mostgraveconcern.com/freebsd

Check out the dual-homed host (Advanced topic number 4).

Sadly there is no example of what to do about ftp.  How do I allow ftp
for my internal clients?

eg.
# HTTP - Allow access to our web server
${fwcmd} add pass tcp from any to any 80 setup

What should it be for ftp?  I know ftp opens up all sorts of other
ports, but not sure what to do.

I guess it is different if you want passive/active ftp.  Anybody got
examples of both?

Thanks,

Dave Seddon


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
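
Added example, not part of the original mail: the two ways the reply names to keep an FTP session running after setup (a catch-all established rule, or ipfw's check-state/keep-state) written around its LAN-to-external rules. The rule numbers, the FWCMD and FTP_MODE variables and the function names are assumptions; by default the rules are only printed, not loaded.

```sh
#!/bin/sh
# Added example, not from the original mail.
# Dry run by default: each rule is printed, not loaded. Set FWCMD=/sbin/ipfw
# to apply. Rule numbers are constructed; fit them into the local ruleset.
fwcmd="${FWCMD:-echo ipfw}"

# The mail's "FTP - Allow access from our LAN to External FTP servers" rules.
# $1 is an optional suffix appended to each rule (empty or "keep-state").
ftp_setup_rules() {
    ${fwcmd} add 1100 pass tcp from any to any 21 setup $1
    ${fwcmd} add 1110 pass tcp from any 20 to any 1024-65535 setup $1
}

# Option 1, "allow established": one static rule passes every TCP segment
# with ACK or RST set, so it must sit where it cannot bypass earlier denies.
ftp_rules_established() {
    ${fwcmd} add 1000 pass tcp from any to any established
    ftp_setup_rules ""
}

# Option 2, "stateful rules": keep-state records a dynamic rule per accepted
# SYN; check-state matches later packets against those entries only.
ftp_rules_stateful() {
    ${fwcmd} add 1000 check-state
    ftp_setup_rules keep-state
}

# Dispatcher (hypothetical helper): ftp_rules established|stateful
ftp_rules() {
    case "$1" in
        established) ftp_rules_established ;;
        stateful)    ftp_rules_stateful ;;
        *) echo "usage: ftp_rules established|stateful" >&2; return 1 ;;
    esac
}

ftp_rules "${FTP_MODE:-stateful}"
```

With the stateful variant, a segment that belongs to no recorded connection falls through to the rest of the ruleset instead of being passed on its ACK bit alone.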

