From owner-freebsd-security Fri Jul 7 13:55: 7 2000
Delivered-To: freebsd-security@freebsd.org
Received: from foobar.franken.de (foobar.franken.de [194.94.249.81])
	by hub.freebsd.org (Postfix) with ESMTP id 76A9C37BE61
	for ; Fri, 7 Jul 2000 13:54:42 -0700 (PDT)
	(envelope-from logix@foobar.franken.de)
Received: (from logix@localhost)
	by foobar.franken.de (8.8.8/8.8.5) id WAA25921;
	Fri, 7 Jul 2000 22:55:20 +0200 (CEST)
Message-ID: <20000707225520.B25629@foobar.franken.de>
Date: Fri, 7 Jul 2000 22:55:20 +0200
From: Harold Gutch
To: openzero@bsdmail.com, freebsd-security@FreeBSD.ORG
Subject: Re: Firewalls and the endless story!
References: <20000706112624.69972.qmail@bsdmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Mailer: Mutt 0.93.2i
In-Reply-To: <20000706112624.69972.qmail@bsdmail.com>; from openzero@bsdmail.com on Thu, Jul 06, 2000 at 12:26:24PM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Jul 06, 2000 at 12:26:24PM +0100, openzero@bsdmail.com wrote:
> > On Wed, Jul 05, 2000 at 03:57:22PM -0500, Chris Dillon wrote:
> >
> >
> > Yes, and the original poster demonstrated even further stupidity
> > by adding a proprietary product (SecureBSD 1.0) into the mix and
> > then expect that we support it.
> >
> > "Works for me."
> >
>
> Yeah!
> Thanks for the wonderful word "stupidity", but hey!
> I think, after using FreeBSD-2.2.8, FreeBSD-3.4,
> FreeBSD-4.0, that FreeBSD-2.2.8-STABLE is the best
> for MYSELF! What you do, is not my business!
> You are an architect! Are these the only words
> you can use? I know, that SecureBSD isn't supported
> by FreeBSD.org, coz it's not a product of
> FreeBSD.org and it's only a preview!
>
> (Translated from German: From an architect I would have
> expected a somewhat more refined way of expressing oneself
> and not kindergarten-level reasoning like: that is stupid!
> To make it unmistakably clear: I am under great time
> pressure and so far nobody has been able to give me a
> really good tip! That puts me under tension, which of course
> makes such ways of expressing oneself even more aggressive!)

Perhaps your spelling ("coz", "rulez" etc.) is the reason for people
being "ignorant" towards you. For me that - and the lack of a real name
in your mail's headers - were two reasons (among others like lack of
time and interest) to never even consider replying to your mails.

Anyway (see below), somebody already gave you a correct answer in the
last thread you started. If the problem still persisted after that, you
could/should have stated so. Show maturity in your mails and people will
answer maturely.

From your IPFW-configuration:

> $fwcmd add allow log tcp from any to any 21 setup
> $fwcmd add allow log tcp from any 20 to any setup # really needed ?????

The last rule above won't get you any closer to anonymous FTP on your
machine. What you'd need is something like:

$fwcmd add allow log tcp from any to $MYIP 20
$fwcmd add allow log tcp from $MYIP 20 to any

where the first one lets "passive" FTP-packets pass and the second one
"active" FTP-packets. As Manfredi Blasucci already replied to your last
mail, the "setup" keyword was the problem. In fact, I guess you might
even be able to limit the remote port-ranges to a few thousand ports
somewhere in the range of port 44000 (that should be mentioned in the
ftpd manpage).

bye,
  Harold

-- 
Someone should do a study to find out how many human life spans have
been lost waiting for NT to reboot.
      Ken Deboy on Dec 24 1999 in comp.unix.bsd.freebsd.misc

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
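
Added illustration, not part of the original mail: a simplified Python model of ipfw first-match evaluation, showing what the `setup` keyword (match only TCP segments with SYN set and ACK clear) does to the port-20 rules discussed above. It considers only those rules, assumes a default-deny final rule, and uses constructed addresses and a constructed packet sequence; all names in it are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

MYIP, CLIENT = "192.0.2.10", "198.51.100.7"   # constructed documentation addresses

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset               # TCP flags set on the segment

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    src: str = "any"
    sport: Optional[int] = None    # None means any port
    dst: str = "any"
    dport: Optional[int] = None
    option: Optional[str] = None   # None or "setup"

def rule_matches(rule, pkt):
    # "setup" restricts the rule to segments with SYN set and ACK clear.
    if rule.option == "setup" and not ("SYN" in pkt.flags and "ACK" not in pkt.flags):
        return False
    return (rule.src in ("any", pkt.src) and rule.dst in ("any", pkt.dst)
            and rule.sport in (None, pkt.sport) and rule.dport in (None, pkt.dport))

def trace(rules, packets, default="deny"):
    # First matching rule wins; unmatched packets get the assumed default.
    return [next((r.action for r in rules if rule_matches(r, p)), default)
            for p in packets]

# Constructed active-mode data connection: server port 20 -> client port 40000.
DATA_CONN = [
    Packet(MYIP, 20, CLIENT, 40000, frozenset({"SYN"})),
    Packet(CLIENT, 40000, MYIP, 20, frozenset({"SYN", "ACK"})),
    Packet(MYIP, 20, CLIENT, 40000, frozenset({"ACK"})),
]

# Model of "allow tcp from any 20 to any setup" (the quoted rule).
SETUP_ONLY = [Rule("allow", sport=20, option="setup")]
# Model of "allow tcp from any to $MYIP 20" and "allow tcp from $MYIP 20 to any".
NO_SETUP = [Rule("allow", dst=MYIP, dport=20), Rule("allow", src=MYIP, sport=20)]

if __name__ == "__main__":
    print("setup only:", trace(SETUP_ONLY, DATA_CONN))
    print("no setup:  ", trace(NO_SETUP, DATA_CONN))
```

In this model the `setup` rule passes only the opening SYN of the data connection, while the two rules without `setup` pass every segment in both directions.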