From owner-freebsd-questions@FreeBSD.ORG Sun Jan 30 15:45:52 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 61C8416A4CE for ; Sun, 30 Jan 2005 15:45:52 +0000 (GMT) Received: from mail22.sea5.speakeasy.net (mail22.sea5.speakeasy.net [69.17.117.24]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3635D43D66 for ; Sun, 30 Jan 2005 15:45:52 +0000 (GMT) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: (qmail 25250 invoked from network); 30 Jan 2005 15:45:51 -0000 Received: from dsl092-078-145.bos1.dsl.speakeasy.net (HELO be-well.ilk.org) ([66.92.78.145]) (envelope-sender ) by mail22.sea5.speakeasy.net (qmail-ldap-1.03) with SMTP for ; 30 Jan 2005 15:45:51 -0000 Received: by be-well.ilk.org (Postfix, from userid 1147) id 7F3C882; Sun, 30 Jan 2005 10:45:50 -0500 (EST) Sender: lowell@be-well.ilk.org To: "Gerard Meijer" References: <082901c50621$290f8ea0$9600000a@guus> From: Lowell Gilbert Date: 30 Jan 2005 10:45:50 -0500 In-Reply-To: <082901c50621$290f8ea0$9600000a@guus> Message-ID: <44is5egbtd.fsf@be-well.ilk.org> Lines: 10 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii cc: freebsd-questions@freebsd.org Subject: Re: ipfw statefull ruleset problem X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: freebsd-questions@freebsd.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 30 Jan 2005 15:45:52 -0000 "Gerard Meijer" writes: > But I learned that that is not the right way to do this in a > statefull ruleset, because the dynamic rules don't have any use in > this way. So what is the right way to solve this? Don't do FTP? Use an FTP proxy that knows how to work around the firewall? FTP was designed for an Internet with end-to-end connectivity, which you're breaking by putting in a packet filter in the first place...