Date: Thu, 06 Jun 2002 17:08:48 -0800
From: Mark-Nathaniel Weisman <mark@outlander.us>
To: Axel Scheepers <axel@axel.truedestiny.net>
Cc: <questions@freebsd.org>
Subject: Re: active ftp on ipfw and natd?
Message-ID: <B925479F.5DA9%mark@outlander.us>
In-Reply-To: <20020606141121.E67863@mars.thuis>

Those ports are not addressable from the outside are they? Could someone use
that open port range to exploit the box?

His Faithful Servant,
Mark

> From: Axel Scheepers <axel@axel.truedestiny.net>
> Reply-To: Axel Scheepers <axel@axel.truedestiny.net>
> Date: Thu, 6 Jun 2002 14:11:21 +0200
> To: Mark-Nathaniel Weisman <mark@outlander.us>
> Cc: questions@freebsd.org
> Subject: Re: active ftp on ipfw and natd?
>
> On Wed, Jun 05, 2002 at 11:47:19PM -0800, Mark-Nathaniel Weisman wrote:
>> List,
>> I was looking through the archives, and it would seem that a potential
>> solution for my problem is punch_fw? I haven't read the man about it yet,
>> however, I'm trying to run an active ftp connection through a natd/ipfw box
>> to my webserver, I've got ports 20 and 21 open, and yet I can't seem to
>> connect through the box, any assistance would be greatly appreciated, and
>> yes I will go and read the man file on this. ;-)
>>
>> His Faithful Servant,
>> Mark Weisman
>>
>>
> Hi Mark,
>
> I think you have to open up ports 49152-65535 too for ftp to work;
> also check these:
> 02:10pm axel@mars:~ $sysctl -a | grep range
> net.inet.ip.portrange.lowfirst: 1023
> net.inet.ip.portrange.lowlast: 600
> net.inet.ip.portrange.first: 1024
> net.inet.ip.portrange.last: 5000
> net.inet.ip.portrange.hifirst: 49152
> net.inet.ip.portrange.hilast: 65535
>
> If you want that hole to be less big.
>
> Gr,
> -
> Axel Scheepers
> UNIX System Administrator
>
> email: axel@axel.truedestiny.net
> a.scheepers@iae.nl
> http://axel.truedestiny.net/~axel
> ------------------------------------------
> Seminars, n.:
> From "semi" and "arse", hence, any half-assed discussion.
> ------------------------------------------
> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
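
Added example, not part of the original message or of FreeBSD's own code: a shell sketch that derives the firewall opening from the hifirst/hilast sysctl values quoted above, so that narrowing the sysctl range narrows the hole to match. It assumes the FTP daemon takes its data ports from that range; the server address 192.0.2.10 and rule number 2000 are placeholders, and natd redirection is not covered.

```shell
#!/bin/sh
# Sample input: the sysctl lines quoted in the message above.
SAMPLE='net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535'

# hi_range: read "sysctl -a" style text on stdin and print "FIRST LAST".
# Fails if either value is missing, non-numeric, or out of order.
hi_range() {
    first= last=
    while IFS=': ' read -r key val; do
        case $key in
            net.inet.ip.portrange.hifirst) first=$val ;;
            net.inet.ip.portrange.hilast)  last=$val ;;
        esac
    done
    [ -n "$first" ] && [ -n "$last" ] || return 1
    case "$first$last" in *[!0-9]*) return 1 ;; esac
    [ "$first" -ge 1024 ] && [ "$last" -le 65535 ] || return 1
    [ "$first" -le "$last" ] || return 1
    echo "$first $last"
}

# hole_size FIRST LAST: number of ports the rule would expose.
hole_size() { echo $(( $2 - $1 + 1 )); }

# hole_rule SERVER_IP RULE_NUM: read sysctl text on stdin and print an ipfw
# rule limited to one destination host, to the hi range only, and to
# connection setup packets. SERVER_IP and RULE_NUM are caller-supplied
# placeholders (assumptions, not values from the thread).
hole_rule() {
    range=$(hi_range) || { echo "no usable hi port range" >&2; return 1; }
    set -- "$1" "$2" $range
    echo "ipfw add $2 allow tcp from any to $1 $3-$4 setup"
}

# Print the rule for the default range; on a live FreeBSD host feed it
# "sysctl -a | grep range" instead of the sample.
printf '%s\n' "$SAMPLE" | hole_rule 192.0.2.10 2000
```

With the defaults the rule exposes 16384 ports to the one host; setting hifirst and hilast to a smaller window before generating the rule shrinks it accordingly.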
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B925479F.5DA9%mark>