From owner-freebsd-questions Fri Feb 22 8:49:58 2002
Date: Fri, 22 Feb 2002 13:49:01 -0300 (ART)
From: Fernando Gleiser
To: Sandro Mancuso
Subject: Re: Firewall stuff
In-Reply-To: <000501c1bbbe$008151e0$6400a8c0@windows>
Message-ID: <20020222134657.I11078-100000@cactus.fi.uba.ar>

On Fri, 22 Feb 2002, Sandro Mancuso wrote:

> Once upon a time, I was using pcconseal firewall (it's too bad it's not
> around like it used to be, it was a pretty good windows firewall
> program). What I remember about it was that it used to "know" what
> programs were opening the ports in question. Now I'm setting up a
> firewall on a gateway for my LAN. This sort of characteristic would be
> a great help, imho (of course I have more limited knowledge in UNIX),
> for properly allowing passive ftp transfers through. I'm messing with
> IPFilter at the moment, I'm wondering if there's a way, in FreeBSD for
> it (or any other firewalls?) to know what service is opening a port, so
> that it may be opened only for a particular service. Or is that
> something that should be defined within the ftpd itself (I'm not talking
> about setting a specific portrange for passive transfers... a little
> more than just that... making sure that only ftpd can use say ports
> 15000-19000 outbound)

Use ipnat's built-in ftp proxy.
Just add the following line to the top of your ipnat.rules file:

    map xl0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp

Change xl0 for your external interface's name.

Hope this helps

                Fer

> Thanks in advance...
>
> Sandro
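
An added illustration, not part of the original message and not IPFilter's code: an FTP-aware proxy can open only the data port a session actually negotiates because that port is announced on the control channel. The sketch below extracts it from PORT commands and 227 replies (RFC 959 format) and ignores announcements that name a host other than the session's own peers. The function names, addresses and sample lines are constructed for the example.

```python
import re

# RFC 959 host-port form: h1,h2,h3,h4,p1,p2 (six decimal octets).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def data_endpoint(line):
    """Return (mode, ip, port) for a PORT command or 227 reply, else None."""
    text = line.strip()
    if text.upper().startswith("PORT "):
        mode, m = "active", _HOSTPORT.fullmatch(text[5:].strip())
    elif text.startswith("227"):
        mode, m = "passive", _HOSTPORT.search(text[3:])
    else:
        return None
    if m is None:
        return None
    octets = [int(g) for g in m.groups()]
    if any(o > 255 for o in octets):
        return None  # malformed field: never open a port for it
    ip = ".".join(str(o) for o in octets[:4])
    return mode, ip, octets[4] * 256 + octets[5]

def permitted_data_flows(control_lines, client_ip, server_ip):
    """Endpoints a proxy would open: PORT must name the client and 227 the
    server, so an announcement pointing at a third host is ignored."""
    expected = {"active": client_ip, "passive": server_ip}
    flows = []
    for line in control_lines:
        ep = data_endpoint(line)
        if ep is not None and ep[1] == expected[ep[0]]:
            flows.append(ep)
    return flows

# Constructed control-channel lines (not captured traffic).
SAMPLE = [
    "USER anonymous",
    "331 Guest login ok, send your e-mail address as password.",
    "PASV",
    "227 Entering Passive Mode (203,0,113,10,58,152)",
    "PORT 192,168,1,20,195,80",
    "PORT 10,9,9,9,0,22",  # names a third host: must not be honoured
    "226 Transfer complete.",
]

if __name__ == "__main__":
    for flow in permitted_data_flows(SAMPLE, "192.168.1.20", "203.0.113.10"):
        print(flow)
```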