From owner-freebsd-small Wed Dec 15 20:47: 5 1999
Delivered-To: freebsd-small@freebsd.org
Received: from cobra.i3s.net (cobra.i3s.net [209.27.200.209])
	by hub.freebsd.org (Postfix) with ESMTP id DDF5D14DC7
	for ; Wed, 15 Dec 1999 20:46:54 -0800 (PST)
	(envelope-from jjg@bbnow.net)
Received: from bbnow.net - 24.219.7.182 by i3s.net with Microsoft SMTPSVC;
	Wed, 15 Dec 1999 22:46:45 -0600
Message-ID: <38586E60.77971C6B@bbnow.net>
Date: Wed, 15 Dec 1999 22:45:20 -0600
From: Nathan Zornes
X-Mailer: Mozilla 4.61 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-small@FreeBSD.ORG
Subject: Re: firewall, ipnat
References: <19991215124159.A73250@nu.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-small@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Christopher Vance wrote:

> I am currently using an old 386 as a dialout firewall using picoBSD, a
> (slightly modified) dial configuration and some ipfw rules.
> (My wife uses MS Win98 behind this machine, and I don't trust MS
> software, hence pBSD...)
> The firewall has 8M of memory, and I'd rather not use any of the 40M
> hard disk, which is dedicated to MS WFW311 when the network is
> disconnected. I currently boot off a floppy and leave the hard disk
> alone.
> I can't find any way to tell IE5 on MSW98 to use passive ftp, and I
> want to keep the firewall rules as tight as possible, so it looks like
> I need some sort of FTP proxy. (My ISP doesn't seem to have a visible
> FTP proxy I can use, although I could ask further. I'd also rather
> avoid reliance on 3rd parties, as much as possible.)

Given the fact you would like to avoid third parties, is it not an option to have the clients use Netscape (passive ftp by default) or MSIE (I think passive ftp by default) in order to make ftp connections?

> Currently I run ipfw on the firewall, but am considering a change to
> ipf and ipnat, since ipnat appears to have a builtin ftp proxy which
> is ipf-friendly.

I had a similar configuration. I do not run an ftp proxy. But I know that the clients behind my firewall are able to perform ftp transactions with no problems uploading or downloading with Netscape. I highly suggest using the combination of ipf and ipnat. I have used it on FreeBSD, Solaris Sparc, and Solaris x86 platforms. The "keep state" feature is pretty cool.

Cheers,
Nathan
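
Background for the active versus passive FTP question in this thread, as an added example that is not part of either poster's message and is not ipnat's code: it parses the FTP control-channel lines that decide which side opens the data connection, and shows the rewrite a NAT FTP proxy has to apply to an active-mode `PORT` command. The addresses, ports, sample lines and function names are constructed for illustration, and refusing a `PORT` that names a third host is this example's assumed policy.

```python
import ipaddress
import re

# Constructed sample control-channel lines (not captured traffic).
ACTIVE_CMD = "PORT 192,168,1,10,4,1\r\n"   # active mode, client behind NAT
PASSIVE_REPLY = "227 Entering Passive Mode (203,0,113,5,195,80)\r\n"

_TUPLE = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_endpoint(line):
    """Return (ip, port) from a PORT command or 227 reply; None if malformed."""
    m = _TUPLE.search(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]

def data_connection(line):
    """Say who opens the data connection, and toward which endpoint."""
    ep = parse_endpoint(line)
    if ep is None:
        return None
    if line.upper().startswith("PORT"):
        return ("server->client", ep)  # inbound at the firewall: needs a proxy
    if line.startswith("227"):
        return ("client->server", ep)  # new outbound connection from the LAN
    return None

def rewrite_port(line, client_ip, public_ip, public_port):
    """Rewrite an outbound PORT command to the firewall's public endpoint."""
    ep = parse_endpoint(line)
    if ep is None or not line.upper().startswith("PORT"):
        return line  # not a well-formed PORT command: pass through unchanged
    if ep[0] != ipaddress.IPv4Address(client_ip):
        return None  # assumed policy: refuse a PORT naming another host
    octets = str(ipaddress.IPv4Address(public_ip)).replace(".", ",")
    return "PORT %s,%d,%d\r\n" % (octets, public_port >> 8, public_port & 0xFF)
```

In passive mode the data connection is one more outbound connection from the client, which is why clients that default to passive FTP can work behind a stateful rule set without a proxy.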