Date: Wed, 19 Jun 2002 13:00:41 +0200
From: net@wsf.at
To: undisclosed-recipients:;
Subject: natd punch_fw for passive ftp ?
Message-ID: <20020619105957.KDZO9315.viefep13-int.chello.at>

Hi there,

(I hope this is the right list)

I am in doubt about my understanding of the punch_fw option in natd, running on the client side:

Should this option create temporary rules for passive ftp or not?

If it should - it does not (at least not on my 4.5-RELEASE box).
If it should not - is there a reason for this difference compared to active mode?

What I try to set up is an ipfw-ruleset for strictly checking the flow between several interfaces. So I allow established traffic and only SYN packets to specified ports, based on recv/xmit interface.

As usual, ftp causes the biggest problems. Active ftp works fine using punch_fw, but passive mode would require opening all high ports for outgoing SYN - exactly what I try to avoid.

Any hints are welcome,

Thanks
Thomas

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message