From owner-freebsd-questions Wed Oct 17 12:00:43 2001
Message-ID: <0d5d01c1573d$7c914000$6760ff3e@computer>
From: "Kastaki"
Subject: Fw: Firewalling on FreeBSD
Date: Wed, 17 Oct 2001 19:56:52 +0100
Sender: owner-freebsd-questions@FreeBSD.ORG

I am copying this to two of the FreeBSD lists, and I am sure someone will help you.... Let me know, as I will start doing this soon!!

----- Original Message -----
From: sysadmin
Sent: Tuesday, October 16, 2001 7:26 PM
Subject: Firewalling on FreeBSD

> Hey guys, I have been trying to figure this out all day and it has
> led me nowhere... I contacted a few of my friends online and they're also
> clueless to why my methods of madness haven't led to success.
>
> I have set up a FreeBSD firewall on version 3.5-Stable that
> basically denies all incoming connections, but allows established
> connections and certain ports. Those ports for example are like 20, 21, 80,
> etc. ANYWAYS, to make a long story short, I have had a big problem letting
> anyone on my box ftp out to the world. It connects in fine, but it hangs
> in both passive and non-passive modes.
>
> Here are some logs:
>
> Acrilic:/var/log# ipfw list|grep 20
> 00200 deny ip from any to 127.0.0.0/8
> 00200 allow tcp from any to any 20
> 00200 allow tcp from any to any 21
> 00200 allow tcp from any to any 22
> 00200 allow tcp from any to any 23
> 00200 allow tcp from any to any 25
> 00200 allow tcp from any to any 43
> 00200 allow udp from any to any 43
> 00200 allow tcp from any to any 53
> 00200 allow udp from any to any 53
> 00200 allow tcp from any to any 80
> 00200 allow tcp from any to any 113 in
> 00200 allow tcp from any to any 113 uid bind out
> 00200 allow tcp from any to any uid root out
> 00200 allow udp from any to any uid root out
>
> ftp> passive
> Passive mode off.
> ftp> ls
> 200 PORT command successful.
> ^C
> ^Z
> [1]+ Stopped ftp ftp.freebsd.org
>
> Any help would be appreciated, thanks!
>
> ---------------Jonathan James----------------
> ----------Acrilic.net Systems Admin.---------
> Http://www.acrilic.net