Date:      Wed, 20 Dec 2000 10:23:41 -0300 (ART)
From:      Fernando Schapachnik <fpscha@ns1.via-net-works.net.ar>
To:        Peter Ross <petros@pps.de>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: FTP and firewall
Message-ID:  <200012201323.KAA95716@ns1.via-net-works.net.ar>
In-Reply-To: <200012201306.OAA00816@pps.de> "from Peter Ross at Dec 20, 2000 02:06:34 pm"

man ipf, and check:

http://www.obfuscation.org/ipf/ipf-howto.txt

ipfilter can do this in a much safer way than what I suggested there.

Regards.

In a previous message, Peter Ross wrote:
> Hello,
> 
> I'm listening here and hope for answers. Sorry for my English. My girlfriend
> made some remarks..
> 
> I found these mails discussing the same problem:
> 
> ( http://docs.freebsd.org/mail/archive/2000/freebsd-security/20000402.freebsd-security.html
> )
> 
> Paul Hart <hart@iserver.com> wrote:
> 
> > On Wed, 29 Mar 2000, Alan Batie wrote:
> > 
> > > To do active mode ftp properly, ipfw would need to parse the contents
> > > of the packets on the ftp control channel and dynamically allow the
> > > corresponding incoming connection.  There's no indication that this
> > > parsing capability is present.
> > 
> > I know we're talking about IPFW here, but hasn't IP Filter (also included
> > with FreeBSD) been supporting this very operation for quite a while now?
> 
> I checked the man page again but I can't see it.
> 
> And Fernando Schapachnik <fpscha@ns1.via-net-works.net.ar> wrote:
> 
> > What I have done is to configure FTPd to use ports between 40000 and 
> > 44999 (wu-ftpd allows it to be done easily; don't know others) and then:
> 
> > allow tcp from any to my_ip 40000-44999 in setup
> 
> > It's not the best, but still better than nothing.
> 
> But what's the best?
> 
> Peter Ross
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 




Fernando P. Schapachnik
Network Administration
VIA NET.WORKS ARGENTINA S.A.
fschapachnik@vianetworks.com.ar
Switchboard: (54-11) 4323-3333 - Support: 0810-333-AYUDA
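
The control-channel parsing described in the quoted thread, sketched as an added example (not code from this thread, ipfw or IP Filter): it reads `PORT` commands and `227` replies and returns the single data connection a filter would need to allow, in place of a standing 40000-44999 range. The function names, the policy checks and the sample addresses are assumptions made for illustration.

```python
import re

# RFC 959 host-port encoding: h1,h2,h3,h4,p1,p2 (six decimal bytes)
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 string, or None if malformed."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def expected_data_flow(line, sender_ip, peer_ip):
    """Return the one data connection (src_ip, dst_ip, dst_port) announced by a
    control-channel line, or None if the line should open nothing."""
    line = line.strip()
    if line.upper().startswith("PORT "):   # active: client announces its listener
        hp = parse_hostport(line[5:])
    elif line.startswith("227"):           # passive: server announces its listener
        hp = parse_hostport(line[3:])
    else:
        return None
    if hp is None:
        return None
    ip, port = hp
    # Conservative checks (assumed policy): the announced address must be the
    # sender's own, and the port must not be a privileged one.
    if ip != sender_ip or port < 1024:
        return None
    return (peer_ip, ip, port)

CLIENT, SERVER = "192.0.2.10", "198.51.100.5"   # constructed sample addresses
SAMPLE = [                                       # constructed control-channel lines
    (CLIENT, SERVER, "USER anonymous"),
    (CLIENT, SERVER, "PORT 192,0,2,10,195,80"),
    (SERVER, CLIENT, "227 Entering Passive Mode (198,51,100,5,156,64)"),
    (CLIENT, SERVER, "PORT 10,1,1,1,0,22"),      # foreign address: rejected
]

def pinholes(lines):
    """Collect the flows a filter would allow for a list of (sender, peer, line)."""
    flows = (expected_data_flow(text, s, p) for s, p, text in lines)
    return [f for f in flows if f is not None]

if __name__ == "__main__":
    for flow in pinholes(SAMPLE):
        print("expect data connection %s -> %s:%d" % flow)
```

Each returned tuple describes one connection tied to one control session, whereas the static rule quoted above leaves 5000 ports reachable from any source at all times.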

