Date: Fri, 11 Oct 2002 17:33:03 -0400
To: freebsd-questions@freebsd.org
Reply-To: tristan11@mindspring.com
Subject: re: ipfw rules

I was finally able to get FTP (using passive FTP) to work through our firewall. These are the rules I had to add:

# /sbin/ipfw add 10000 allow tcp from any 1024-65535 to any 21 out setup keep-state
# /sbin/ipfw add 10001 allow tcp from any 1024-65535 to any 1024-65535 setup keep-state

The first rule (10000) allows our server to connect via any high port to any server out there on port 21 (ftp). This is to initiate the 'control connection'.

The second rule (10001) allows anyone to connect via high ports to and from our server. This is for the data transfer part.
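An added example, not part of the original message: a dry-run sh wrapper around the two rules above that gives rule 10001 an explicit `out` direction, so the data-connection rule only covers connections opened outward, and that skips any rule carrying no `in`/`out` keyword. The helper names and the interface name passed to `passive_ftp_rules` are assumptions, as is the premise that FTP sessions are only ever opened from the inside.

```shell
#!/bin/sh
# Added example. Dry-run by default: prints commands instead of changing the firewall.
IPFW="${IPFW:-/sbin/ipfw}"
DRY_RUN="${DRY_RUN:-1}"

# Rule 10001 from the message (with the "add" keyword): no in/out keyword,
# so it matches TCP connection setups in both directions.
POSTED_10001="add 10001 allow tcp from any 1024-65535 to any 1024-65535 setup keep-state"

# Succeeds only when the rule text carries a direction keyword.
has_direction() {
    for word in $1; do
        case "$word" in
            in|out) return 0 ;;
        esac
    done
    return 1
}

# Outbound-only variant of both rules. $1 is the outside interface
# (assumed name, e.g. fxp0); keep-state admits the reply packets.
passive_ftp_rules() {
    echo "add 10000 allow tcp from any 1024-65535 to any 21 out via $1 setup keep-state"
    echo "add 10001 allow tcp from any 1024-65535 to any 1024-65535 out via $1 setup keep-state"
}

# Read rules on stdin, skip any rule without a direction, and return
# non-zero if a rule was skipped or ipfw rejected one.
apply_rules() {
    rc=0
    while read -r rule; do
        if ! has_direction "$rule"; then
            echo "refused (no in/out): $rule" >&2
            rc=1
        elif [ "$DRY_RUN" = 1 ]; then
            echo "$IPFW $rule"
        else
            $IPFW $rule || rc=1
        fi
    done
    return $rc
}
```

`passive_ftp_rules fxp0 | apply_rules` previews the commands; running it as root with `DRY_RUN=0` installs them.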