Date: Mon, 24 Dec 2001 09:51:43 +0100
From: Martin Schweizer <pcservi@spectraweb.ch>
To: freebsd-questions@freebsd.org
Subject: Re: ipfw & ftp
Message-ID: <20011224095143.B318@spectraweb.ch>

Hello Darryl

I attached my rc.firewall for you. I found a solution with passive and active ftp.

On Fri, Dec 21, 2001 at 02:05:10PM -0600 Darryl Hoar wrote:
> Greetings,
> I have set up a firewall/router. My LAN has mostly
> win9x, winNt & win2000 clients on it. Since I installed
> the firewall, users have been unable to download files
> from the internet that are on the vendor's ftp site. The
> firewall logs show nothing, but I'm assuming it's related
> to the firewall.
>
> How do I get around this problem safely?

--
Regards

Martin Schweizer
<info@pc-service.ch>

PC-Service M. Schweizer; Gewerbehaus Schwarz; CH-8608 Bubikon
Tel. +41 55 243 30 00; Fax: +41 55 243 33 22; http://www.pc-service.ch

# ipfw add allow all from 192.168.1.1/24 to any keep-state  # allow for the internal network
# ipfw flush
# ipfw add allow all from any to any

# keep-state = allows communication between client and server for a
#              certain time. After this time (TTL), the port is
#              closed again.

# DNS (runs over UDP only)
ipfw add allow udp from me to any 53 keep-state
ipfw add allow udp from 192.168.1.1/24 to any 53 keep-state

# DHCP
ipfw add allow udp from 192.168.1.1/24 68 to 192.168.1.1/24 67 keep-state
ipfw add allow udp from me 67 to 192.168.1.1/24 68 keep-state
ipfw add allow udp from me 67 to 192.168.1.1/24 67 keep-state
ipfw add allow udp from 192.168.1.1/24 67 to me 67 keep-state

# SMTP
ipfw add allow tcp from me to any 25 keep-state
ipfw add allow udp from me to any 25 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 25 keep-state
ipfw add allow udp from 192.168.1.1/24 to any 25 keep-state

# POP3
ipfw add allow tcp from me to any 110 keep-state
ipfw add allow udp from me to any 110 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 110 keep-state
ipfw add allow udp from 192.168.1.1/24 to any 110 keep-state

# HTTP
ipfw add allow tcp from me to any 80 keep-state
ipfw add allow udp from me to any 80 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 80 keep-state
ipfw add allow udp from 192.168.1.1/24 to any 80 keep-state

# FTP
ipfw add allow tcp from any to any 20 keep-state
ipfw add allow tcp from any to any 21 keep-state
ipfw add allow tcp from any 20 to me 1024-49151 keep-state  # active FTP
ipfw add allow tcp from any 20 to 192.168.1.1/24 1024-49151 keep-state
# ipfw add allow tcp from me 1024-49151 to any keep-state  # passive FTP 1.
# ipfw add allow tcp from any 10224-49151 to me keep-state  # passive FTP 2.

# SSH
ipfw add allow tcp from me to any 22 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 22 keep-state

# Telnet
ipfw add allow tcp from me to any 23 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 23 keep-state
ipfw add allow tcp from 192.168.1.1/24 to me keep-state

# Ping / TraceRoute
ipfw add allow icmp from me to any
ipfw add allow icmp from any to me
ipfw add allow icmp from 192.168.1.1/24 to any
ipfw add allow icmp from any to 192.168.1.1/24

# NetBIOS (Samba)
ipfw add allow 137 from me to 192.168.1.1/24 keep-state
ipfw add allow 137 from 192.168.1.1/24 to me keep-state
ipfw add allow 139 from me to 192.168.1.1/24 keep-state
ipfw add allow 139 from 192.168.1.1/24 to me keep-state

# Whois
ipfw add allow tcp from me to any 63 keep-state
ipfw add allow udp from me to any 63 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 63 keep-state
ipfw add allow udp from 192.168.1.1/24 to any 63 keep-state

# Gopher
ipfw add allow tcp from me to any 70 keep-state
ipfw add allow udp from me to any 70 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 70 keep-state
ipfw add allow udp from 192.168.1.1/24 to any 70 keep-state

# Finger
ipfw add allow tcp from me to any 79 keep-state
ipfw add allow udp from me to any 79 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 79 keep-state
ipfw add allow udp from 192.168.1.1/24 to any 79 keep-state

# NNTP
ipfw add allow tcp from me to any 119 keep-state
ipfw add allow udp from me to any 119 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 119 keep-state
ipfw add allow udp from 192.168.1.1/24 to any 119 keep-state

# NTP
ipfw add allow tcp from me to any 123 keep-state
ipfw add allow udp from me to any 123 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 123 keep-state
ipfw add allow udp from 192.168.1.1/24 to any 123 keep-state

# CVSUP
ipfw add allow tcp from me to any 5999 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 5999 keep-state

# Mail administration Swiss-Web
ipfw add allow tcp from me to any 88 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 88 keep-state

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011224095143.B318>
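
An added example, not part of the original message: a small shell/awk check that reads ipfw "add allow" lines like the ones posted above and flags three patterns worth reviewing before a ruleset goes live. The function names and finding codes are invented for this example; the sample input is a handful of rules quoted from the rc.firewall in the message.

```shell
#!/bin/sh
# Added example (not from the original post): static checks over ipfw
# "add allow" lines. Prints one "lineno:CODE:rule" per finding.
#   PROTO_NUM - protocol field is a bare number; ipfw reads it as an IP
#               protocol number, not as a TCP/UDP port
#   SRC_PORT  - traffic from "any" is admitted because of its source port,
#               a value the remote end chooses
#   ANY_ANY   - "from any to any": not limited to the LAN or the firewall
audit_ipfw_rules() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
    $1 == "ipfw" && $2 == "add" && $3 == "allow" {
        proto = $4
        src = ""; sport = ""; dst = ""
        for (i = 5; i <= NF; i++) {
            if ($i == "from") {
                src = $(i + 1)
                # a token after the source address that is not "to" is a port
                if ($(i + 2) != "to") sport = $(i + 2)
            }
            if ($i == "to") dst = $(i + 1)
        }
        if (proto ~ /^[0-9]+$/)           print NR ":PROTO_NUM:" $0
        if (src == "any" && sport != "")  print NR ":SRC_PORT:" $0
        if (src == "any" && dst == "any") print NR ":ANY_ANY:" $0
    }'
}

# Sample input: rules quoted from the rc.firewall in the message above.
sample_rules() {
    cat <<'EOF'
# FTP
ipfw add allow tcp from any to any 21 keep-state
ipfw add allow tcp from any 20 to me 1024-49151 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 22 keep-state
# NetBIOS (Samba)
ipfw add allow 137 from me to 192.168.1.1/24 keep-state
ipfw add allow icmp from any to me
EOF
}

sample_rules | audit_ipfw_rules
```

Each finding is a prompt for review rather than a verdict: a flagged rule may be intended, but it should be a deliberate choice and scoped to the interface and addresses that need it.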