From: "Artem Koutchine"
Subject: Allow rules for ipfw for active ftp
Date: Fri, 11 May 2001 13:44:26 +0400
Organization: IP Form

Hi!

Is it possible to allow active (as opposed to passive) ftp connections using ipfw rules? I put my local network behind a restrictive firewall (everything is denied by default) and now I must form allow rules to allow ftp connections. For passive connections everything is ok (the client connects to the server on 21, the server tells where to connect for data, the client connects to the server on that port), but for active connections the server must connect to the client on the port that the client told the server. I think I understood the ftp protocol right. I cannot imagine ipfw rules to allow the second (active) case. Maybe someone has done it?

Artem
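
The active-mode data connection the message describes, as an added example that is not part of the original post: it parses the client's `PORT` command and builds one narrow ipfw rule for the server's connection back to the client. The addresses, the sample `PORT` line, the function names, and the assumption that the server connects from source port 20 (ftp-data) are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (six decimal bytes).
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")


def parse_port(line):
    """Return (ip, port) announced by an FTP PORT command, or raise ValueError."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("not a PORT command")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("byte out of range")
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    port = nums[4] * 256 + nums[5]  # port = p1 * 256 + p2
    return ip, port


def pinhole_rule(line, client_ip, server_ip):
    """Build one narrow ipfw rule for the data connection of an active transfer.

    The rule is refused when the PORT address is not the client's own address
    (a PORT pointing at a third host) or when the port is below 1024.
    """
    ip, port = parse_port(line)
    if ip != ipaddress.IPv4Address(client_ip):
        raise ValueError("PORT address differs from control-connection client")
    if port < 1024:
        raise ValueError("refusing privileged data port")
    # Assumption: the server opens the data connection from port 20 (ftp-data).
    # "setup" matches only the opening SYN of that connection.
    return f"allow tcp from {server_ip} 20 to {ip} {port} setup"


# Constructed sample: client 192.0.2.10 on the control connection to 198.51.100.5.
SAMPLE = "PORT 192,0,2,10,19,137\r\n"

if __name__ == "__main__":
    print("ipfw add", pinhole_rule(SAMPLE, "192.0.2.10", "198.51.100.5"))
```

The rule admits only the opening SYN; it assumes the ruleset already passes `established` TCP packets. A static ruleset cannot know the port in advance, which is why the alternative is a broad rule from port 20 to all unprivileged ports on the inside hosts.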