Date: Sat, 15 Jun 2002 12:38:28 -0700 (PDT)
From: John Newlin <jnewlin@tsoft.com>
To: freebsd-questions@freebsd.org
Subject: natd, ipfw, ipsec, upd and ftp questions
Message-ID: <200206151938.MAA26712@shell.tsoft.com>
Hi,

I have a setup like so:

               -----------
Internet <---> | natd/ipfw | <----> Internal private net 192.168.0.0
               -----------

I'm using a slightly modified Simple ipfw ruleset that comes with the 4.5 Release.

Questions:

ftp does not work from the internal net, except in passive mode. What is the magic required to make ftp work?

UDP Question:

I play games that open up UDP connections. I want to open up the minimum number of UDP sockets. Is the proper thing to do to allow incoming UDP on the port range specified in:

net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000

for udp something like:

ipfw add allow udp from any 1024-5000 to any via ${oif}

and any internal above 1024 to outside should be safe:

ipfw add allow udp from any to any 1024-65535 via ${iif}

Does that look ok? Or are there some stupid UDP services that broadcast above 1024 that I should be wary of?

IPSec question:

I have an IPSec client on my internal Windows machine that I use to connect to my office. I added the following ruleset:

ipfw add allow esp from any to any
ipfw add allow gre from any to any
ipfw add allow ah from any to any

Is this safe, or is there a way to tighten that up?

Thanks for your input,

-John

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206151938.MAA26712>
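The following is an added example, not part of John's message or of the FreeBSD rc.firewall script: a ruleset sketch that addresses his three questions (active-mode FTP through natd, inbound UDP for games, and IPsec passthrough tightened to one peer), written as shell functions so the rules can be previewed before anything is applied. The variable names follow the "simple" section of rc.firewall; the interface names (fxp0/fxp1) and the office gateway address (203.0.113.10, a documentation address) are assumptions, and the default value of IPFW is `echo ipfw`, so running the script prints the rules instead of loading them. It relies on two natd(8) options: `-punch_fw`, which makes natd insert temporary ipfw rules for the data connections an active-mode FTP server opens back towards the client, and `-deny_incoming`, which drops inbound packets that match no translation entry, so the firewall does not have to guess which ephemeral ports natd will use for aliases.

```shell
#!/bin/sh
# Added example (not from the original post): ipfw/natd rules for active FTP,
# UDP games and IPsec passthrough behind a FreeBSD 4.x natd gateway.
# Interface names and the office gateway address are assumptions.

oif=${oif:-fxp0}                       # outside interface (assumed)
iif=${iif:-fxp1}                       # inside interface (assumed)
inet=${inet:-192.168.0.0/24}           # internal net from the post
office_gw=${office_gw:-203.0.113.10}   # IPsec peer at the office (assumed)
IPFW=${IPFW:-echo ipfw}                # dry run by default; set IPFW=ipfw on the gateway

# natd(8) arguments.  -deny_incoming drops inbound packets with no entry in
# the translation table, so unsolicited UDP never reaches the inside.
# -punch_fw makes natd insert temporary ipfw rules (numbered 1000-1049 here)
# for the inbound data connections of active-mode FTP.
natd_args() {
    echo "-n $oif -dynamic -deny_incoming -punch_fw 1000:50"
}

ruleset() {
    $IPFW -f flush
    $IPFW add 100 allow all from any to any via lo0
    # Anti-spoofing: nothing claiming an inside address may arrive on the outside.
    $IPFW add 200 deny all from $inet to any in via $oif
    # Hand everything on the outside interface to natd.  The punch_fw rules
    # (1000-1049) land just after this, ahead of the static rules below.
    $IPFW add 300 divert natd all from any to any via $oif

    # TCP: established traffic and connections initiated from inside.
    # Active FTP needs nothing static: the inbound data connection is admitted
    # by the punch_fw rule natd creates for it.
    $IPFW add 1100 allow tcp from any to any established
    $IPFW add 1110 allow tcp from any to any out via $oif setup

    # UDP for games: allow outbound; allow inbound only to the inside net
    # (seen after translation).  natd -deny_incoming has already dropped
    # anything that is not a reply to an outbound packet.
    $IPFW add 1200 allow udp from any to any out via $oif
    $IPFW add 1210 allow udp from any to $inet in via $oif

    # IPsec: restrict the tunnel protocols to the one known peer instead of
    # "from any to any".  IKE negotiates over UDP/500.
    for proto in esp ah gre; do
        $IPFW add 1300 allow $proto from any to $office_gw out via $oif
        $IPFW add 1310 allow $proto from $office_gw to any in via $oif
    done
    $IPFW add 1320 allow udp from any to $office_gw 500 out via $oif
    $IPFW add 1330 allow udp from $office_gw 500 to any in via $oif

    # Inside interface: trust the internal net; everything else is denied.
    $IPFW add 2000 allow all from any to any via $iif
    $IPFW add 65000 deny log all from any to any
}

echo "natd $(natd_args)"
ruleset
```

Run it as-is to review the generated rules, then run it with `IPFW=ipfw` (and start natd with the printed arguments) on the gateway. The inbound UDP rule is only as safe as natd's `-deny_incoming` makes it, so the two must be used together; the IPsec rules keep `any` on the local side because the divert rule rewrites the local address before these rules see the packet.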