From owner-freebsd-security Tue Dec 29 14:47:29 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id OAA23438
    for freebsd-security-outgoing; Tue, 29 Dec 1998 14:47:29 -0800 (PST)
    (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from burka.rdy.com (burka.rdy.com [205.149.163.30])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA23432
    for ; Tue, 29 Dec 1998 14:47:27 -0800 (PST)
    (envelope-from dima@burka.rdy.com)
Received: (from dima@localhost)
    by burka.rdy.com (8.9.1/RDY&DVV) id OAA66134;
    Tue, 29 Dec 1998 14:47:08 -0800 (PST)
Message-Id: <199812292247.OAA66134@burka.rdy.com>
Subject: Re: ipfw and ftp
In-Reply-To: <368934C7.18C17F62@thegrid.net> from Dean at "Dec 29, 1998 12: 0: 8 pm"
To: dean@thegrid.net (Dean)
Date: Tue, 29 Dec 1998 14:47:08 -0800 (PST)
Cc: freebsd-security@FreeBSD.ORG
X-Class: Fast
Organization: HackerDome
Reply-To: dima@best.net
From: dima@best.net (Dima Ruban)
X-Mailer: ELM [version 2.4ME+ PL43 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Dean writes:
> Hello again,
> I am setting up a packet filtering gateway between a small LAN and
> the Internet. I am interested in hearing how people have solved the
> problem of getting ftp out from the inside. I assume that I will have
> to set up ftp on the gateway machine and anyone who wants to ftp out
> will have to do a two-part ftp. The lan is small enough that this isn't
> too much of a problem.

I have this:

ruleadd(`pass tcp from any 20 to any 30000-63000 via NETIF setup')
ruleadd(`pass tcp from any 20 to any 1024-4096 via NETIF setup')

Or alternatively, you can use passive ftp only. In this case you won't need
any of these.

> Thanks for the input,
> Dean

-- dima

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
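
Added example, not part of the original message or of ipfw: a small audit that parses the two ruleadd() lines quoted above and reports which listening TCP ports on the LAN fall inside the destination ranges those rules open to setup packets arriving from source port 20. The function names and the listener inventory are hypothetical, the inventory is constructed sample data, and the check ignores the "via NETIF" interface match because both rules use "any" for addresses.

```python
import re

# The two rules exactly as quoted in the message (m4 ruleadd() wrappers).
RULES = """\
ruleadd(`pass tcp from any 20 to any 30000-63000 via NETIF setup')
ruleadd(`pass tcp from any 20 to any 1024-4096 via NETIF setup')
"""

RULE_RE = re.compile(
    r"ruleadd\(`(?P<action>\w+) (?P<proto>\w+) from (?P<src>\S+) (?P<sport>\d+)"
    r" to (?P<dst>\S+) (?P<lo>\d+)-(?P<hi>\d+) via (?P<iface>\S+) setup'\)"
)

def parse_rules(text):
    """Return one dict per ruleadd() line; raise on lines this parser does not understand."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RULE_RE.fullmatch(line)
        if m is None:
            raise ValueError(f"unrecognised rule: {line!r}")
        rules.append({"action": m["action"], "sport": int(m["sport"]),
                      "lo": int(m["lo"]), "hi": int(m["hi"])})
    return rules

def admitted(rules, sport, dport):
    """True if a TCP connection-opening (setup) packet with these ports matches a pass rule."""
    return any(r["action"] == "pass" and r["sport"] == sport
               and r["lo"] <= dport <= r["hi"] for r in rules)

def exposed_listeners(rules, listeners, sport=20):
    """Listeners (host, port, service) whose port lies in a range the rules open."""
    return [entry for entry in listeners if admitted(rules, sport, entry[1])]

# Constructed sample inventory of listening TCP ports on LAN hosts (hypothetical).
LISTENERS = [
    ("10.0.0.5", 22, "sshd"),
    ("10.0.0.5", 2049, "nfsd"),
    ("10.0.0.7", 6000, "X11"),
    ("10.0.0.9", 3306, "mysqld"),
    ("10.0.0.9", 32771, "rpc service"),
]

if __name__ == "__main__":
    for host, port, name in exposed_listeners(parse_rules(RULES), LISTENERS):
        print(f"{host}:{port} ({name}) is inside a range opened for active FTP")
```

With passive ftp only, as the reply suggests, neither rule is needed and the audit has nothing to report.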