From owner-freebsd-questions@FreeBSD.ORG  Thu Sep  7 18:20:11 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 600B016A4DF
	for <freebsd-questions@freebsd.org>;
	Thu,  7 Sep 2006 18:20:11 +0000 (UTC)
	(envelope-from admin2@enabled.com)
Received: from typhoon.enabled.com (typhoon.enabled.com [216.218.220.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0EF5C43D53
	for <freebsd-questions@freebsd.org>;
	Thu,  7 Sep 2006 18:20:11 +0000 (GMT)
	(envelope-from admin2@enabled.com)
Received: from [172.24.241.5] (natint3.juniper.net [66.129.224.36])
	(authenticated bits=0)
	by typhoon.enabled.com (8.13.8/8.13.8) with ESMTP id k87IKA2J044128
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <freebsd-questions@freebsd.org>;
	Thu, 7 Sep 2006 11:20:10 -0700 (PDT)
	(envelope-from admin2@enabled.com)
Message-ID: <450062B4.7060001@enabled.com>
Date: Thu, 07 Sep 2006 11:19:32 -0700
From: Noah <admin2@enabled.com>
User-Agent: Thunderbird 1.5.0.5 (Macintosh/20060719)
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
References: <44FF4F7F.6030800@enabled.com> <44venzu4av.fsf@be-well.ilk.org>
In-Reply-To: <44venzu4av.fsf@be-well.ilk.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: Re: rc.firewall rule for passive FTP
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Sep 2006 18:20:11 -0000

Lowell Gilbert wrote:
> Noah <admin2@enabled.com> writes:
>
>   
>> what is a good rule to allow passive FTP to work.
>>
>> the following rules still blocks passive FTP.
>>
>>        #/** Allow setup of FTP PASSIVE **/
>>        ${fwcmd} add allow tcp from any to ${ip} 49152-65534 setup
>>     
>
> If the passive FTP client is on ${ip}, then that's the wrong
> direction; it needs to be able to *send* the SYN.
>   



the {$ip} refers to the IP address of rthe server.  might you please 
help me rewrite this rule?

Cheers,
Noah