Date: Fri, 11 May 2001 11:38:11 -0500
From: Mike Meyer <mwm@mired.org>
To: "Artem Koutchine" <matrix@ipform.ru>
Cc: questions@freebsd.org
Subject: Re: Allow rules for ipfw for active ftp
Message-ID: <15100.5491.929121.957331@guru.mired.org>
In-Reply-To: <5989250@toto.iv>

Artem Koutchine <matrix@ipform.ru> types:
> Is it possible to allow active (as opposed to passive)
> ftp connection using ipfw rules?

Yes, it's possible. You need to allow access from any arbitrary TCP
port - though restricting to ports > 1024 will probably work - to
either any port in 1024-4999, or any port in 49152-65535, or both,
depending on your ftp server and system configuration. And that may
not be sufficient.

The higher port range is generally safe, but the lower one has lots of
interesting things living in it that I'd rather *not* have accessible
through the firewall.

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
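
Added example, not part of the original message: a small sh function that prints ipfw rules for the port ranges named in the reply, so the ruleset can be reviewed before it is loaded. The function name, the rule numbers, the host address 192.0.2.10 and the extra "established" rule for follow-up packets are assumptions of this example.

```sh
#!/bin/sh
# Added example: print ipfw rules that admit inbound active-FTP data
# connections. HOST, the rule numbers and the function name are assumptions.
#
# usage: active_ftp_rules HOST RANGE [RANGE...]
#   RANGE is "high" (49152-65535) or "low" (1024-4999), the two destination
#   ranges named in the reply. Rules go to stdout for review; returns 1 on
#   bad input without printing any rule.
active_ftp_rules() {
    if [ $# -lt 2 ]; then
        echo "usage: active_ftp_rules HOST high|low ..." >&2
        return 1
    fi
    host=$1
    shift
    # Validate every range first so a typo never yields a partial ruleset.
    for r in "$@"; do
        case $r in
            high|low) ;;
            *) echo "unknown range: $r" >&2; return 1 ;;
        esac
    done
    num=2000
    # Packets of connections that were already accepted.
    echo "ipfw add $num allow tcp from any to any established"
    for r in "$@"; do
        if [ "$r" = high ]; then
            ports=49152-65535
        else
            ports=1024-4999
            echo "# caution: other services listen in 1024-4999"
        fi
        num=$((num + 10))
        # Source ports > 1024; 'setup' matches only the opening SYN.
        echo "ipfw add $num allow tcp from any 1025-65535 to $host $ports setup"
    done
}

# Constructed sample address (documentation range), high range only.
active_ftp_rules 192.0.2.10 high
```

Asking for "low" as well adds the second rule together with a caution comment, which keeps the wider exposure visible in the generated ruleset.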