Date: Sat, 19 Jan 2002 12:50:51 +0600
From: "Eugene Panchenko" <replicator@ngs.ru>
To: questions@freebsd.org
Subject: IPFW uid-based filtering and FTP passive mode
Message-ID: <web-8235528@intranet.ru>
Hello!

I've set up an IPFW-based firewall on my box, and one of the reasons was to prevent listening on all TCP ports (except a few selected ones, like ssh, http, irc, etc). However, this setup obviously causes problems with FTP passive mode, which requires listening on some high-numbered (unprivileged) port.

OK, I said, "I can limit the range of ports to listen on in my FTPd config, and I know that it runs under user ftp ('cause I allowed only anonymous logins) immediately after it bind()s to port 20/21." So, I've written the following rules:

    ${fwcmd} add pass tcp from any to ${ip} established
    ${fwcmd} add pass tcp from any to ${ip} 14000-14199 setup uid ftp keep-state

But it does *NOT* work!!! Changing 'ftp' to 'root' didn't solve the problem either. Removing 'uid ftp' solved it...

Can anyone help me? I'm using pure-ftpd btw.

10x.