From: Peter Ross
Date: Tue, 19 Dec 2000 12:38:58 +0100 (MET)
Subject: Re: FTP and firewall
To: freebsd-security@freebsd.org
Cc: drew@planetwe.com
Message-Id: <200012191138.MAA26842@jung9.pps.de>

Hi,

Drew Sanford answered my question

> > I see five different ways to solve the FTP firewall problem:
> > 1. external FTP server and mirror through the firewall
..
> > Can I use cpdup (ports collection)?

> I speak typo - I assume you mean cvsup.

No, I meant cpdup (a mirror tool listed in the ports collection).

cvsup.. thanks for the new idea. Yesterday I heard an opinion: "make and dependencies". Hmmh.

---

I inherited an old FTP server (SUsE Linux 5.3 - Kernel 2.0.x). This server is protected by firewall rules and uses NFS mounts. (My suggestion 4.)

> > 4. firewall with FTP server and NFS access to the company network

Every fortnight I have to reboot the machine..

I checked some articles and books about security and firewalls etc. I found "FTP is a problem" but not one good piece of advice on how to deal with it.
So I decided to discuss the problem here. It would be nice to know how other administrators solve the problem and what safety-conscious people think about it.

---

Maybe someone did it in the way I tried (internal FTP server and redirect) and has a firewall rule set? That would be fine.

---

Yesterday I checked the ftpd sources. Has someone used these sources to build a proxy? The external ftpd parses the command string and forwards it to the internal ftpd. The external ftpd builds requested data connections to the clients and receives or sends data via a second port to the internal ftpd.

Advantage: defined ports through the firewall.

Thanks for any advice or opinion

Peter Ross
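
The proxy idea in the message's last paragraph, sketched as an added example (it is not part of the original message and not taken from the ftpd sources): the external proxy parses each control-channel line and rewrites an active-mode `PORT` command so that the internal ftpd only ever connects to the proxy on a small, fixed port range. The addresses, the port range and the `PortRewriter` name are assumptions made for illustration.

```python
import ipaddress

# Assumed values for illustration (not from the message).
PROXY_INSIDE_IP = "192.0.2.10"      # proxy address facing the internal ftpd
RELAY_PORTS = range(50000, 50004)   # the only data ports the firewall must allow


class PortRewriter:
    """Control-channel logic of the external proxy for active-mode transfers."""

    def __init__(self):
        self.in_use = {}            # relay port -> (client ip, client port)

    @staticmethod
    def parse_port_arg(arg):
        """Decode 'h1,h2,h3,h4,p1,p2' (RFC 959) into (ip, port)."""
        parts = arg.strip().split(",")
        if len(parts) != 6 or not all(p.isdigit() for p in parts):
            raise ValueError("malformed PORT argument")
        nums = [int(p) for p in parts]
        if any(n > 255 for n in nums):
            raise ValueError("PORT field out of range")
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

    def handle(self, line, peer_ip):
        """Return (line for the internal ftpd or None, reply for the client or None)."""
        verb, _, arg = line.strip().partition(" ")
        if verb.upper() != "PORT":
            return line.strip() + "\r\n", None   # other commands pass through
        try:
            ip, port = self.parse_port_arg(arg)
        except ValueError:
            return None, "501 Syntax error in PORT argument.\r\n"
        # Only open data connections back to the control-connection peer,
        # and never to a privileged port.
        if ipaddress.ip_address(ip) != ipaddress.ip_address(peer_ip) or port < 1024:
            return None, "500 Illegal PORT command.\r\n"
        free = next((p for p in RELAY_PORTS if p not in self.in_use), None)
        if free is None:
            return None, "425 Can't open data connection.\r\n"
        self.in_use[free] = (ip, port)           # proxy will dial the client here
        h = PROXY_INSIDE_IP.replace(".", ",")
        return f"PORT {h},{free >> 8},{free & 0xFF}\r\n", None
```

With this in place the firewall between proxy and internal server needs rules only for the control port and `RELAY_PORTS`; passive mode would need the matching rewrite of the server's 227 reply, which this block does not cover.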