Date: Thu, 06 Jun 2002 17:08:48 -0800
Subject: Re: active ftp on ipfw and natd?
From: Mark-Nathaniel Weisman
To: Axel Scheepers

Those ports are not addressable from the outside are they? Could someone use
that open port range to exploit the box?

His Faithful Servant,
Mark

> From: Axel Scheepers
> Reply-To: Axel Scheepers
> Date: Thu, 6 Jun 2002 14:11:21 +0200
> To: Mark-Nathaniel Weisman
> Cc: questions@freebsd.org
> Subject: Re: active ftp on ipfw and natd?
>
> On Wed, Jun 05, 2002 at 11:47:19PM -0800, Mark-Nathaniel Weisman wrote:
>> List,
>> I was looking through the archives, and it would seem that a potential
>> solution for my problem is punch_fw? I haven't read the man about it yet,
>> however, I'm trying to run an active ftp connection through a natd/ipfw box
>> to my webserver, I've got ports 20 and 21 open, and yet I can't seem to
>> connect through the box, any assistance would be greatly appreciated, and
>> yes I will go and read the man file on this. ;-)
>>
>> His Faithful Servant,
>> Mark Weisman
>>
>>
> Hi Mark,
>
> I think you have to open up ports 49152-65535 too for ftp to work;
> also check these:
> 02:10pm axel@mars:~ $sysctl -a | grep range
> net.inet.ip.portrange.lowfirst: 1023
> net.inet.ip.portrange.lowlast: 600
> net.inet.ip.portrange.first: 1024
> net.inet.ip.portrange.last: 5000
> net.inet.ip.portrange.hifirst: 49152
> net.inet.ip.portrange.hilast: 65535
>
> If you want that hole to be less big.
>
> Gr,
> -
> Axel Scheepers
> UNIX System Administrator
>
> email: axel@axel.truedestiny.net
> a.scheepers@iae.nl
> http://axel.truedestiny.net/~axel
> ------------------------------------------
> Seminars, n.:
> From "semi" and "arse", hence, any half-assed discussion.
> ------------------------------------------
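
The exposure question raised in this thread can be checked on the gateway itself: an opened port only matters if something answers on it. The script below is an added example, not part of the original thread; it reads the high port range from `sysctl` output and lists the non-loopback TCP listeners in `sockstat -4l`-style output that fall inside it. The socket listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list listeners inside an opened port range.

# The hifirst/hilast values are the ones quoted in the thread.
SYSCTL_SAMPLE='net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535'

# Constructed sample in the column layout of sockstat -4l.
SOCKSTAT_SAMPLE='USER  COMMAND   PID FD PROTO LOCAL ADDRESS   FOREIGN ADDRESS
root  sshd      212 3  tcp4  *:22            *:*
root  ftpd      301 0  tcp4  192.168.1.10:21 *:*
root  rpc.statd 154 5  tcp4  *:49301         *:*
mark  testsrv   977 4  tcp4  127.0.0.1:50000 *:*
root  syslogd   120 6  udp4  *:514           *:*'

# Print "low high" for the high port range; fail if either bound is missing.
hole_bounds() {
    printf '%s\n' "$1" | awk -F': *' '
        $1 == "net.inet.ip.portrange.hifirst" { lo = $2 }
        $1 == "net.inet.ip.portrange.hilast"  { hi = $2 }
        END { if (lo == "" || hi == "" || lo + 0 > hi + 0) exit 1
              print lo + 0, hi + 0 }'
}

# Print "command port address" for TCP listeners within [lo, hi].
# Loopback-bound sockets are skipped: they are not reachable from outside.
listeners_in_hole() {
    printf '%s\n' "$1" | awk -v lo="$2" -v hi="$3" '
        $5 !~ /^tcp/ { next }            # skips the header and UDP lines
        {
            n = split($6, part, ":")
            port = part[n] + 0
            addr = substr($6, 1, length($6) - length(part[n]) - 1)
            if (addr ~ /^127\./) next
            if (port >= lo + 0 && port <= hi + 0) print $2, port, addr
        }'
}

audit() {
    bounds=$(hole_bounds "$1") || { echo "no high port range found" >&2; return 1; }
    listeners_in_hole "$2" $bounds   # unquoted on purpose: splits into lo and hi
}

audit "$SYSCTL_SAMPLE" "$SOCKSTAT_SAMPLE"   # prints: rpc.statd 49301 *
```

On a live gateway, pass the output of `sysctl -a | grep range` and `sockstat -4l` to `audit` in place of the two samples.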