Date: Sat, 19 Jan 2002 12:50:51 +0600
From: "Eugene Panchenko" <replicator@ngs.ru>
To: questions@freebsd.org
Subject: IPFW uid-based filtering and FTP passive mode
Message-ID: <web-8235528@intranet.ru>
Hello!
I've set up an IPFW-based firewall on my box, and one of
the reasons was to prevent listening on all TCP ports
(except a few selected ones, like ssh, http, irc, etc.).
However, this setup obviously causes problems with FTP
passive mode, which requires listening on some high-numbered
(unprivileged) port. OK, I said, "I can limit the range of
ports to listen on in my FTPd config, and I know that it
runs under user ftp ('cause I allowed only anonymous logins)
immediately after it bind()s to port 20/21." So, I've
written the following rules:

    ${fwcmd} add pass tcp from any to ${ip} established
    ${fwcmd} add pass tcp from any to ${ip} 14000-14199 setup uid ftp keep-state

But it does *NOT* work!!! Changing 'ftp' to 'root' didn't
solve the problem either. Removing 'uid ftp' solved it...
Can anyone help me? I'm using pure-ftpd btw. 10x.
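One thing worth checking in a setup like the one in the message above is whether the ports the FTP server actually advertises in its passive-mode replies fall inside the range the firewall rule opens (14000-14199 here). The script below is an added example, not code from the poster, pure-ftpd or ipfw: it takes the port range out of the ipfw rule text as written in the message, parses RFC 959 "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" replies (the port is p1*256+p2), and reports which advertised data ports the firewall would let a client reach. The sample replies are constructed for the example; in practice you would feed it the server's replies captured from a control-connection session.

```python
import re

# The ipfw rule from the message; only the destination port range is used here.
PASSIVE_RULE = "add pass tcp from any to ${ip} 14000-14199 setup uid ftp keep-state"

# "... to <addr> <lo>-<hi> ..." as written in ipfw rule syntax.
RULE_RANGE_RE = re.compile(r"\bto\s+\S+\s+(\d+)-(\d+)\b")

# RFC 959 passive-mode reply: 227 <text> (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def port_range_from_rule(rule):
    """Return (lo, hi) for the destination port range of an ipfw rule."""
    m = RULE_RANGE_RE.search(rule)
    if m is None:
        raise ValueError("no port range found in rule: %r" % rule)
    lo, hi = int(m.group(1)), int(m.group(2))
    if not (0 < lo <= hi <= 65535):
        raise ValueError("invalid port range %d-%d" % (lo, hi))
    return lo, hi


def parse_pasv_reply(line):
    """Return (host, port) from a 227 reply, or None if the line is not one.

    Each of the six fields must fit in a byte; the port is p1*256 + p2.
    """
    m = PASV_RE.match(line.strip())
    if m is None:
        return None
    fields = [int(m.group(i)) for i in range(1, 7)]
    if any(f > 255 for f in fields):
        return None
    host = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    return host, port


def check_pasv_replies(lines, rule):
    """For every 227 reply, return (host, port, allowed_by_rule)."""
    lo, hi = port_range_from_rule(rule)
    results = []
    for line in lines:
        parsed = parse_pasv_reply(line)
        if parsed is None:
            continue  # greeting, 200/226 etc. carry no data port
        host, port = parsed
        results.append((host, port, lo <= port <= hi))
    return results


# Constructed control-connection replies (not from a real server).
SAMPLE_REPLIES = [
    "220 FTP server ready.",
    "227 Entering Passive Mode (192,0,2,10,54,176)",   # 54*256+176 = 14000
    "227 Entering Passive Mode (192,0,2,10,55,119)",   # 55*256+119 = 14199
    "227 Entering Passive Mode (192,0,2,10,195,88)",   # 195*256+88 = 50008
]

if __name__ == "__main__":
    for host, port, ok in check_pasv_replies(SAMPLE_REPLIES, PASSIVE_RULE):
        print("%s:%d %s" % (host, port, "allowed" if ok else "BLOCKED by rule"))
```

A server that advertises 50008 while the rule only opens 14000-14199 would fail passive transfers regardless of any uid match, so running this against real replies separates a port-range mismatch from the uid-matching behaviour the message asks about.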
