Date: Fri, 7 Jul 2000 22:55:20 +0200
From: Harold Gutch <logix@foobar.franken.de>
To: openzero@bsdmail.com, freebsd-security@FreeBSD.ORG
Subject: Re: Firewalls and the endless story!
Message-ID: <20000707225520.B25629@foobar.franken.de>
In-Reply-To: <20000706112624.69972.qmail@bsdmail.com>; from openzero@bsdmail.com on Thu, Jul 06, 2000 at 12:26:24PM +0100
References: <20000706112624.69972.qmail@bsdmail.com>

On Thu, Jul 06, 2000 at 12:26:24PM +0100, openzero@bsdmail.com wrote:
> > On Wed, Jul 05, 2000 at 03:57:22PM -0500, Chris Dillon wrote:
> >
> >
> > Yes, and the original poster demonstrated even further stupidity
> > by adding a proprietary product (SecureBSD 1.0) into the mix and
> > then expect that we support it.
> >
> > "Works for me."
> >
>
> Yeah!
> Thanks for the wonderful word "stupidity", but hey!
> I think, after using FreeBSD-2.2.8, FreeBSD-3.4,
> FreeBSD-4.0, that FreeBSD-2.2.8-STABLE is the best
> for MYSELF! What you do, is not by business!
> You are an architect! Are these the only words
> you can use? I know, that SecureBSD isn't supported
> by FreeBSD.org, coz it's not a product of
> FreeBSD.org and it's only a preview!
>
> (German: As an architect, I would have expected a more
> refined manner of expression and not kindergarten-level
> reasoning like: that's stupid!
> To make it unmistakably clear: I am under
> great time pressure and so far nobody has been able to
> give me a really good tip! That puts me
> under tension, which of course makes such language even more aggressive!)

Perhaps your spelling ("coz", "rulez" etc.) is the reason for
people being "ignorant" towards you. For me that - and the lack
of a real name in your mail's headers - were two reasons (among
others like lack of time and interest) to never even consider
replying to your mails.

Anyway (see below), somebody already gave you a correct answer in
the last thread you started. If the problem still persisted
after that, you could/should have stated so.

Show maturity in your mails and people will answer maturely.

From your IPFW-configuration:

> $fwcmd add allow log tcp from any to any 21 setup
> $fwcmd add allow log tcp from any 20 to any setup # really needed ?????

The last rule above won't get you any closer to anonymous FTP on
your machine. What you'd need, is something like:

    $fwcmd add allow log tcp from any to $MYIP 20
    $fwcmd add allow log tcp from $MYIP 20 to any

where the first one lets "passive" FTP-packets pass and the second
one "active" FTP-packets.

As Manfredi Blasucci already replied to your last mail, the
"setup" keyword was the problem.

In fact, I guess you might even be able to limit the remote
port-ranges to a few thousand ports somewhere in the range of
port 44000 (that should be mentioned in the ftpd manpage).

bye,
Harold
--
Someone should do a study to find out how many human life spans have
been lost waiting for NT to reboot.
Ken Deboy on Dec 24 1999 in comp.unix.bsd.freebsd.misc
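
Added example (not part of the original message and not ipfw's own code): a small Python model of how ipfw's "setup" keyword (SYN set, ACK clear) and "established" keyword (RST or ACK set) match TCP flags, run against a constructed active-mode FTP data connection. It assumes a default-deny ruleset with no "established" rule and models ports only, not addresses; client port 44001 and all packets are constructed.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class Packet:
    src_port: int
    dst_port: int
    flags: FrozenSet[str]

@dataclass(frozen=True)
class Rule:  # models an "allow tcp" rule; None means "any" port / no flag keyword
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    keyword: Optional[str] = None

def flags_match(keyword, flags):
    if keyword == "setup":        # SYN set, ACK clear: the connection request only
        return "SYN" in flags and "ACK" not in flags
    if keyword == "established":  # RST or ACK set
        return bool(flags & {"RST", "ACK"})
    return True                   # no keyword: any TCP flags match

def verdict(rules, pkt):
    for r in rules:               # first matching rule wins
        if (r.src_port in (None, pkt.src_port)
                and r.dst_port in (None, pkt.dst_port)
                and flags_match(r.keyword, pkt.flags)):
            return "allow"
    return "deny"                 # assumed default-deny policy

def P(sport, dport, *flags):
    return Packet(sport, dport, frozenset(flags))

# Constructed active-mode data connection: server port 20 -> client port 44001
DATA_CONN = [P(20, 44001, "SYN"), P(44001, 20, "SYN", "ACK"), P(20, 44001, "ACK"),
             P(20, 44001, "PSH", "ACK"), P(20, 44001, "FIN", "ACK")]

# The two quoted rules (with "setup") and the two suggested rules (without it)
WITH_SETUP = [Rule(dst_port=21, keyword="setup"), Rule(src_port=20, keyword="setup")]
WITHOUT_SETUP = [Rule(dst_port=20), Rule(src_port=20)]

def trace(rules):
    return [verdict(rules, p) for p in DATA_CONN]

if __name__ == "__main__":
    print("with setup:   ", trace(WITH_SETUP))
    print("without setup:", trace(WITHOUT_SETUP))
```

With the "setup" rules only the initial SYN is allowed and every later segment of the data connection falls through to the default deny; without the keyword all five segments pass.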
