From owner-freebsd-hackers Fri Jan 3 03:28:28 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id DAA14280 for hackers-outgoing; Fri, 3 Jan 1997 03:28:28 -0800 (PST)
Received: from zen.nash.org (nash.pr.mcs.net [204.95.47.72]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id DAA14275 for ; Fri, 3 Jan 1997 03:28:25 -0800 (PST)
Received: from zen.nash.org (localhost [127.0.0.1]) by zen.nash.org (8.8.3/8.6.12) with SMTP id FAA27332; Fri, 3 Jan 1997 05:28:21 -0600 (CST)
Message-ID: <32CCED54.446B9B3D@mcs.com>
Date: Fri, 03 Jan 1997 05:28:20 -0600
From: Alex Nash
X-Mailer: Mozilla 3.01Gold (X11; I; FreeBSD 2.1.6.1-RELEASE i386)
MIME-Version: 1.0
To: Jaye Mathisen
CC: hackers@FreeBSD.org
Subject: Re: Stupid ipfw question.
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

Jaye Mathisen wrote:
> Why doesn't the following 2 rules allow any type of outbound TCP
> connection?
>
> /sbin/ipfw add pass tcp from ${ip} to any setup
> /sbin/ipfw add pass tcp from any to any established

They do. [On a stylistic note, I would probably swap the order of
established and setup for better performance.]

> Basically my FTP's are failing, but work fine in passive mode.

FTP active mode requires the server to be able to establish a
connection to the client.

I believe Nate ran into this same problem about 5-6 months ago. What
did you end up doing, Nate?

Alex
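
An added illustration, not part of the original message: a small Python model that evaluates the two quoted rules, first match wins, against the opening packets of an FTP control connection, a passive-mode data connection and an active-mode data connection. The addresses, ports and the default-deny fallthrough are assumptions made for the example.

```python
# Stateless first-match model of the two ipfw rules quoted above.
# Assumptions (not from the original message): the sample addresses and
# ports, and a default-deny policy for packets matching neither rule.
from collections import namedtuple

CLIENT = "192.0.2.10"    # stands in for ${ip} (constructed)
SERVER = "198.51.100.5"  # remote FTP server (constructed)

Pkt = namedtuple("Pkt", "src dst sport dport flags")

def pkt(src, dst, sport, dport, *flags):
    return Pkt(src, dst, sport, dport, frozenset(flags))

def verdict(p):
    # Rule 1, "from ${ip} to any setup": SYN set and ACK clear, sent by us.
    if p.src == CLIENT and "SYN" in p.flags and "ACK" not in p.flags:
        return "pass: rule 1 (setup)"
    # Rule 2, "from any to any established": ACK or RST set.
    if p.flags & {"ACK", "RST"}:
        return "pass: rule 2 (established)"
    return "deny: no rule matched"

# Opening packets of each TCP connection in an FTP session (constructed).
SESSIONS = {
    "control": [
        pkt(CLIENT, SERVER, 40000, 21, "SYN"),
        pkt(SERVER, CLIENT, 21, 40000, "SYN", "ACK"),
        pkt(CLIENT, SERVER, 40000, 21, "ACK"),
    ],
    "passive data": [  # client connects out to the port the server named
        pkt(CLIENT, SERVER, 40001, 50021, "SYN"),
        pkt(SERVER, CLIENT, 50021, 40001, "SYN", "ACK"),
        pkt(CLIENT, SERVER, 40001, 50021, "ACK"),
    ],
    "active data": [  # server connects back from port 20 to the client
        pkt(SERVER, CLIENT, 20, 40002, "SYN"),
    ],
}

def denied(session):
    """Return the packets of a session that the rule set drops."""
    return [p for p in SESSIONS[session] if verdict(p).startswith("deny")]

if __name__ == "__main__":
    for name, packets in SESSIONS.items():
        for p in packets:
            print(f"{name:13} {p.src}:{p.sport} -> {p.dst}:{p.dport} "
                  f"{'+'.join(sorted(p.flags)):8} {verdict(p)}")
```

Only the active-mode data connection is dropped: its first packet is a bare SYN that does not come from the client address, so neither rule matches it.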