From owner-freebsd-questions Sat May 12 6:59:23 2001 Delivered-To: freebsd-questions@freebsd.org Received: from osiris.ipform.ru (osiris.ipform.ru [212.158.165.98]) by hub.freebsd.org (Postfix) with ESMTP id AFF5A37B440 for ; Sat, 12 May 2001 06:59:15 -0700 (PDT) (envelope-from matrix@ipform.ru) Received: from wp2 (localhost.ipform.ru [127.0.0.1]) by osiris.ipform.ru (8.11.3/8.11.3) with SMTP id f4CDweC28621; Sat, 12 May 2001 17:58:41 +0400 (MSD) (envelope-from matrix@ipform.ru) Message-ID: <005f01c0daeb$a6f1ad40$0c00a8c0@ipform.ru> From: "Artem Koutchine" To: "Tony Wells" Cc: References: <001c01c0d9fe$f897ea80$0c00a8c0@ipform.ru> <3AFC0C37.5AD65CC2@journalstar.com> Subject: Re: Allow rules for ipfw for active ftp Date: Sat, 12 May 2001 17:53:26 +0400 Organization: IP Form MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6600 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I've read the man page and don't understand one thing: Is this a protocol spec or just ftpd feature? I it is just ftpd behavior that opening the port will not help to connect in active mode to Windoze boxes or other ftp daemons. > I you need to open up ports 49152 - 65535. You can read the ftpd man > page for more info. > > Artem Koutchine wrote: > > > > Hi! > > > > Is it possive to allow active (as opposite to passive) > > ftp connection using ipfw rules? I put my local network > > behind a restrictive firewall (everything is denied by > > default) and now i must form allow rules to allow > > ftp connections. For passive connection everything is > > ok (client connect to server on 21, servers tell where > > to connect for data, client connect to server on that > > port) but for active connections server must connect > > to client on the port that client told the server. I think > > I understood ftp protocol right. I cannot imaging > > ipfw tules to allow the second (active) case. MAybe > > someone has done it? > > > > Artem > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message