Date: Fri, 22 Feb 2002 13:49:01 -0300 (ART)
From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
To: Sandro Mancuso <sandro.m@videotron.ca>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: Re: Firewall stuff
Message-ID: <20020222134657.I11078-100000@cactus.fi.uba.ar>
In-Reply-To: <000501c1bbbe$008151e0$6400a8c0@windows>

On Fri, 22 Feb 2002, Sandro Mancuso wrote:

> Once upon a time, I was using pcconseal firewall (it's too bad it's not
> around like it used to be, it was a pretty good windows firewall
> program). What I remember about it was that it used to "know" what
> programs were opening the ports in question. Now I'm setting up a
> firewall on a gateway for my LAN. This sort of characteristic would be
> a great help, imho (of course I have more limited knowledge in UNIX),
> for properly allowing passive ftp transfers through. I'm messing with
> IPFilter at the moment, I'm wondering if there's a way, in FreeBSD for
> it (or any other firewalls?) to know what service is opening a port, so
> that it may be opened only for a particular service. Or is that
> something that should be defined within the ftpd itself (I'm not talking
> about setting a specific portrange for passive transfers... a little
> more than just that... making sure that only ftpd can use say ports
> 15000-19000 outbound)

Use ipnat's built-in ftp proxy. Just add the following line to the top
of your ipnat.rules file:

    map xl0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp

Change xl0 for your external interface's name.

Hope this helps

		Fer

> Thanks in advance...
>
> Sandro
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
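
Added example, not part of the original message: the reply says to put the proxy rule at the top of ipnat.rules, which matters because ipnat applies the first map rule that matches a connection. The script below checks that ordering in a rules file; the function name check_ftp_proxy_order and the sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. ipnat uses the first map rule
# that matches, so the ftp proxy rule must precede other map rules covering
# the same interface and source network. Heuristic: protocol is not compared.

# check_ftp_proxy_order FILE
# Prints one line per shadowed ftp proxy rule; returns 1 if any were found.
check_ftp_proxy_order() {
    awk '
        BEGIN { bad = 0 }
        NF == 0 || $1 ~ /^#/ { next }            # skip blanks and comments
        $1 == "map" {
            key = $2 " " $3                      # interface + source network
            is_proxy = 0
            for (i = 4; i + 3 <= NF; i++)
                if ($i == "proxy" && $(i+1) == "port" && $(i+3) == "ftp/tcp")
                    is_proxy = 1
            if (is_proxy) {
                if (key in first_plain) {
                    printf "line %d: ftp proxy for %s shadowed by line %d\n", NR, key, first_plain[key]
                    bad = 1
                }
            } else if (!(key in first_plain)) {
                first_plain[key] = NR            # earliest non-proxy map rule
            }
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample rule sets, using the interface and network from the reply.
demo_dir=$(mktemp -d)
cat > "$demo_dir/good.rules" <<'EOF'
# proxy rule first, as the reply advises
map xl0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map xl0 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
map xl0 192.168.1.0/24 -> 0/32
EOF
cat > "$demo_dir/bad.rules" <<'EOF'
map xl0 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
map xl0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
EOF

for f in good bad; do
    if check_ftp_proxy_order "$demo_dir/$f.rules"; then
        echo "$f.rules: ftp proxy rule is ahead of the other map rules"
    fi
done
```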