Date: Fri, 11 May 2001 10:58:47 -0500
From: Tony Wells
To: Artem Koutchine
Cc: questions@FreeBSD.ORG
Subject: Re: Allow rules for ipfw for active ftp

You need to open up ports 49152 - 65535. You can read the ftpd man page
for more info.

Artem Koutchine wrote:
>
> Hi!
>
> Is it possible to allow active (as opposed to passive)
> ftp connections using ipfw rules? I put my local network
> behind a restrictive firewall (everything is denied by
> default) and now I must form allow rules to allow
> ftp connections. For passive connections everything is
> ok (client connects to server on 21, server tells where
> to connect for data, client connects to server on that
> port) but for active connections the server must connect
> to the client on the port that the client told the server. I think
> I understood the ftp protocol right. I cannot imagine
> ipfw rules to allow the second (active) case. Maybe
> someone has done it?
>
> Artem
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
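
Added example, not part of either message: in active mode the client announces its data port in a `PORT h1,h2,h3,h4,p1,p2` command (RFC 959), and the server connects back to that port from its own port 20. The Python sketch below decodes the announced port and checks it against a stateless allow rule covering the 49152 - 65535 range named in the reply; the function names and the sample commands are constructed for illustration.

```python
import ipaddress
import re

# Port range quoted in the reply above.
ALLOWED_RANGE = (49152, 65535)
# Source port of the server's active-mode data connection (RFC 959).
FTP_DATA_PORT = 20

_PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})\r?\n?$", re.IGNORECASE)


def parse_port_command(line):
    """Return (ip, port) from an FTP 'PORT h1,h2,h3,h4,p1,p2' command."""
    m = _PORT_RE.match(line)
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # high byte first, then low byte
    return ip, port


def static_rule_allows(src_port, dst_port, allowed=ALLOWED_RANGE):
    """Model a stateless rule: TCP from server port 20 to client ports in range."""
    return src_port == FTP_DATA_PORT and allowed[0] <= dst_port <= allowed[1]


def check_session(port_lines):
    """For each PORT command, give the client IP, data port and rule verdict."""
    results = []
    for line in port_lines:
        ip, port = parse_port_command(line)
        results.append((str(ip), port, static_rule_allows(FTP_DATA_PORT, port)))
    return results


# Constructed sample commands (not captured traffic).
SAMPLE = [
    "PORT 192,168,0,12,192,5\r\n",  # 192*256 + 5 = 49157, inside the range
    "PORT 192,168,0,12,4,1\r\n",    # 4*256 + 1 = 1025, outside the range
]

if __name__ == "__main__":
    for ip, port, ok in check_session(SAMPLE):
        print(ip, port, "allowed" if ok else "blocked")
```

The second sample shows the limit of a fixed range: a client whose ephemeral ports fall outside it announces a data port that the rule does not pass.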