Date: Fri, 11 May 2001 19:45:57 +0200 (CEST) From: Paul Herman <pherman@frenchfries.net> To: Mike Meyer <mwm@mired.org> Cc: Artem Koutchine <matrix@ipform.ru>, <questions@FreeBSD.ORG> Subject: Re: Allow rules for ipfw for active ftp Message-ID: <Pine.BSF.4.33.0105111943380.34173-100000@husten.security.at12.de> In-Reply-To: <15100.5491.929121.957331@guru.mired.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 11 May 2001, Mike Meyer wrote: > Artem Koutchine <matrix@ipform.ru> types: > > Is it possive to allow active (as opposite to passive) > > ftp connection using ipfw rules? > > Yes, it's possible. You need to allow access from any arbitrary TCP > port - though restricting to ports > 1024 will probably work - to > either any port in 1024-4999, or any port in 49152-65535, or both, > depending on your ftp server and system configuration. And that may > not be sufficient. I've used the '-punch_fw' option to natd(8) with relatively good results. -Paul. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.33.0105111943380.34173-100000>