Date: Wed, 20 Dec 2000 10:23:41 -0300 (ART) From: Fernando Schapachnik <fpscha@ns1.via-net-works.net.ar> To: Peter Ross <petros@pps.de> Cc: freebsd-security@FreeBSD.ORG Subject: Re: FTP and firewall Message-ID: <200012201323.KAA95716@ns1.via-net-works.net.ar> In-Reply-To: <200012201306.OAA00816@pps.de> "from Peter Ross at Dec 20, 2000 02:06:34 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
man ipf, and check: http://www.obfuscation.org/ipf/ipf-howto.txt ipfilter can do this in a much safer way than what I suggested there. Regards. En un mensaje anterior, Peter Ross escribió: > Hello, > > I'm listen here and hope for answers. Sorry for my English. My girlfriend > did some remarks.. > > I found these mails discussing the same problem: > > ( http://docs.freebsd.org/mail/archive/2000/freebsd-security/20000402.freebsd-security.html > ) > > Paul Hart <hart@iserver.com> wrote: > > > On Wed, 29 Mar 2000, Alan Batie wrote: > > > > > To do active mode ftp properly, ipfw would need to parse the contents > > > of the packets on the ftp control channel and dynamically allow the > > > corresponding incoming connection. There's no indication that this > > > parsing capability is present. > > > > I know we're talking about IPFW here, but hasn't IP Filter (also included > > with FreeBSD) been supporting this very operation for quite a while now? > > I checked the man page again but I can't see it. > > And Fernando Schapachnik <fpscha@ns1.via-net-works.net.ar> wrote: > > > What I have done is to configure FTPd to use ports between 40000 and > > 44999 (wu-ftpd allows it to be done easily; don't know others) and then: > > > allow tcp from any to my_ip 40000-44999 in setup > > > It's not the best, but still better than nothing. > > But what's the best? > > Peter Ross > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > Fernando P. Schapachnik Administración de la red VIA NET.WORKS ARGENTINA S.A. fschapachnik@vianetworks.com.ar Conmutador: (54-11) 4323-3333 - Soporte: 0810-333-AYUDA To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200012201323.KAA95716>