Date: Fri, 31 May 2002 15:01:07 -0500
From: "Darryl Hoar" <darryl@osborne-ind.com>
To: <freebsd-questions@freebsd.org>
Subject: IPFILTER & ftp - clarified
Message-ID: <000701c208dd$e7b1f7b0$0701a8c0@darryl>

Greetings,

I have a firewall set up according to "How to build a Freebsd-stable firewall with IPFILTER". My LAN has Windows machines on it as well as Unix boxes. The engineers are trying to ftp some CAD drawings out to an ftp server on the internet. No joy.

I posted a question and got a response <in /etc/ipnat.rules> add:

    map fxp1 0/0 -> 0/32 proxy port 21 ftp/tcp

Also received a RTFM (IPFILTER how-to), which says the same thing.

If I ftp from the firewall, I can now connect to the external ftp server and access files, etc. Unfortunately, the clients on the network (Windows) using Cuteftp, WS_ftp, etc. cannot. Even a FreeBSD box on the network cannot access the external ftp server files (it can log in) even when forced out of passive mode.

The How-To said that in order to enable passive ftp through the firewall, put:

    pass out proto tcp all keep state

Shouldn't this rule have an interface specified? Also, should this go right before my rule:

    block out quick on xl1 all

Also, as an aside, what should I block to drop and not log RIP requests?

Thanks,
Darryl