Date: Mon, 13 May 2002 09:53:09 -0400 From: Bill Moran <wmoran@potentialtech.com> To: Nelis Lamprecht <nelis@brabys.co.za> Cc: freebsd-questions@freebsd.org Subject: Re: ipfw problems Message-ID: <3CDFC545.1040906@potentialtech.com> References: <5.1.0.14.2.20020513152557.01269d30@192.96.48.11>
next in thread | previous in thread | raw e-mail | index | archive | help
Nelis Lamprecht wrote: > Hi > > In my ipfw ruleset I have got everything set to "allow tcp from any to > $myip $myports setup". Would the 'setup - TCP packets only. Match > packets that have the SYN bit set but no ACK bit.' deny me from ftp to > certain servers ? Do you also have "pass tcp from any to any established" somewhere in your ruleset? The "setup" one matches initial packets, if you don't have an "established" rule, subsequent packets will be denied. > Even with ports 20, 21 set to open when I enable my firewall it won't > allow me to download anything through the ports collection. You have to do the ftp in passive mode, _after_ your rules are set up correctly. If you're still having trouble, post your _entire_ ruleset to the list, your brief description of it isn't good enough for anyone to understand the interaction of rules in your ruleset. -- Bill Moran Potential Technology http://www.potentialtech.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3CDFC545.1040906>