From: "Eugene Panchenko"
Subject: IPFW uid-based filtering and FTP passive mode
To: questions@freebsd.org
Date: Sat, 19 Jan 2002 12:50:51 +0600
List: freebsd-questions@freebsd.org

Hello!

I've set up an IPFW-based firewall on my box, and one of the reasons was to prevent listening on all TCP ports (except a few selected ones, like ssh, http, irc, etc.). However, this setup obviously causes problems with FTP passive mode, which requires listening on some high-numbered (unprivileged) port.

OK, I said, "I can limit the range of ports to listen on in my FTPd config, and I know that it runs under user ftp (because I allowed only anonymous logins) immediately after it bind()s to port 20/21." So, I've written the following rules:

    ${fwcmd} add pass tcp from any to ${ip} established
    ${fwcmd} add pass tcp from any to ${ip} 14000-14199 setup uid ftp keep-state

But it does *NOT* work!!! Changing 'ftp' to 'root' didn't solve the problem either. Removing 'uid ftp' solved it...

Can anyone help me? I'm using pure-ftpd btw.

10x.
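The ipfw uid option matches on the owner of the socket a packet is delivered to, so the first thing to check on a box like the one above is which user actually owns the listening sockets in the passive range while a transfer is pending. The script below is an added example, not part of the original mail and not pure-ftpd's or FreeBSD's own code: it parses a constructed sample of `sockstat -4 -l` output (FreeBSD column layout), reports the owners of listeners inside the passive range, and emits the two rules from the mail for a given firewall command, address and range. The range 14000-14199, the address 192.0.2.10 and the process names in the sample are assumptions.

```shell
#!/bin/sh
# Added example (not from the original mail). Checks which uid owns the
# listening sockets in the FTP passive range and emits ipfw rules for it.
# Port range and sample data are assumptions; adjust to your box.

PASV_FIRST=14000
PASV_LAST=14199

# Constructed sample of `sockstat -4 -l` output (FreeBSD column layout).
# On a real box feed the command's output in instead.
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     pure-ftpd  412   3  tcp4   *:21                  *:*
ftp      pure-ftpd  1873  6  tcp4   *:14020               *:*
root     sshd       388   4  tcp4   *:22                  *:*
www      httpd      501   17 tcp4   *:80                  *:*
ftp      pure-ftpd  1890  6  tcp4   *:14021               *:*'

# Read sockstat output from stdin and print "user port" for every listening
# tcp4 socket whose local port lies within [$1, $2].
listeners_in_range() {
    awk -v first="$1" -v last="$2" '
        NR > 1 && $5 == "tcp4" && $7 == "*:*" {
            n = split($6, a, ":"); port = a[n] + 0
            if (port >= first && port <= last) print $1, port
        }'
}

# Distinct users owning listeners in the range, one per line, sorted.
owners_in_range() {
    listeners_in_range "$1" "$2" | awk '{ print $1 }' | sort -u
}

# Emit the ipfw rules from the mail for a passive range.
# $1 = fwcmd, $2 = ip, $3 = first port, $4 = last port,
# $5 = uid to match; an empty $5 emits the rule without a uid clause.
emit_rules() {
    fwcmd=$1; ip=$2; first=$3; last=$4; uid=$5
    echo "$fwcmd add pass tcp from any to $ip established"
    if [ -n "$uid" ]; then
        echo "$fwcmd add pass tcp from any to $ip $first-$last setup uid $uid keep-state"
    else
        echo "$fwcmd add pass tcp from any to $ip $first-$last setup keep-state"
    fi
}

# Stand-alone run: show the listeners in the range, then the rules that would
# be loaded for each owner found (the uid in the rule must be the socket owner).
echo "Listeners in $PASV_FIRST-$PASV_LAST:"
printf '%s\n' "$SAMPLE_SOCKSTAT" | listeners_in_range "$PASV_FIRST" "$PASV_LAST"
printf '%s\n' "$SAMPLE_SOCKSTAT" | owners_in_range "$PASV_FIRST" "$PASV_LAST" |
while read -r owner; do
    echo "Rules for owner '$owner':"
    emit_rules ipfw 192.0.2.10 "$PASV_FIRST" "$PASV_LAST" "$owner"
done
```

On the real machine, replace the constructed sample with `sockstat -4 -l` taken while a passive data connection is waiting; if the owner shown is not the uid named in the rule, the uid clause cannot match. The passive range itself is set on the pure-ftpd side with `-p first:last` so that it agrees with the firewall rule.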