From: "Andras Kende"
To: "'dick hoogendijk'"
Date: Tue, 25 Jan 2005 15:52:11 -0600
Subject: RE: ipf rules for ftp server

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of dick hoogendijk
Sent: Tuesday, January 25, 2005 2:39 PM
To: freebsd-questions@freebsd.org
Subject: ipf rules for ftp server

I read the handbook and googled, but am still confused on the right rules for my FTP server. I use ipf.
My ftp section in /etc/ipf.rules now is:

# FTP server out
pass out quick on rl0 proto tcp from any to any port = 21 flags S keep state
pass out quick on rl0 proto tcp from any to any port > 1024 flags S keep state

# Allow in FTP from the Internet
pass in quick on rl0 proto tcp from any to any port = 21 flags S keep state
pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state
## end

I don't feel these are right. But maybe they are.
Can somebody give me advice on this? The ftp server needs to be up-and-running asap; my children want to update their webpages ;-)

--
dick -- http://www.nagual.st/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 4.10 ++ Debian GNU/Linux (Woody)
+ Nai tiruvantel ar vayuvantel i Valar tielyanna nu vilja

Hello,

Something like this would work:

pass in quick on rl0 proto tcp from any to any port 50000 >< 51000 flags S keep state #PASV FTP
pass in quick on rl0 proto tcp from any to any port = 21 #FTP ACTIVE

Also if you need passive ftp working you'll need to specify the passive port range in ftp server config.
(pure-ftpd.conf: PassivePortRange = 50000 51000)

Best regards,

Andras Kende
http://www.kende.com
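
The FTP-server rules discussed in this thread, as an added example that is not part of either message: an annotated /etc/ipf.rules fragment that separates the control channel, passive data and active data. It assumes the interface rl0 and the passive range 50000-51000 from the messages above, and that the rest of the ruleset blocks unmatched traffic.

```conf
# /etc/ipf.rules fragment for an FTP *server* on rl0 (added example).
# Assumptions: unmatched traffic is blocked elsewhere in the ruleset, and the
# FTP daemon is configured to hand out passive ports 50000-51000 only.

# Control channel: clients open a TCP connection to port 21.
# "flags S keep state" matches only the initial SYN; the state entry
# then covers the rest of the connection in both directions.
pass in quick on rl0 proto tcp from any to any port = 21 flags S keep state

# Passive-mode data: the client connects to a server port taken from the
# passive range. The ipf "><" operator is exclusive at both ends, so
# 49999 >< 51001 is what matches 50000 through 51000 inclusive.
pass in quick on rl0 proto tcp from any to any port 49999 >< 51001 flags S keep state

# Active-mode data: the server connects out from source port 20 to the
# port the client announced. Matching on the source port keeps this
# narrower than allowing every outbound connection to a high port.
pass out quick on rl0 proto tcp from any port = 20 to any port > 1023 flags S keep state

# No inbound rule for port 20 is needed: in active mode port 20 is the
# source of the server's outbound data connection, and nothing listens on it.
```

The passive range in the firewall and in the FTP daemon's configuration must describe the same ports, otherwise passive transfers stall after the control connection succeeds.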