From: Mikhael Y Danilenko
Date: Fri, 8 Sep 2006 09:14:58 +0400
To: freebsd-ipfw@freebsd.org
Subject: Re: rc.firewall rule for passive FTP from FTP server side
Message-ID: <1605302864.20060908091458@mail.ru>
In-Reply-To: <45008C28.3000807@enabled.com>

Hi, Noah.

N> ---- snip ----
N> #/** Allow setup of FTP PASSIVE **/
N> ${fwcmd} add allow tcp from ${ip} to any 1024-65534 keep-state
N> ${fwcmd} add allow tcp from ${ip} to any 21 keep-state
N> --- snip ----

My FTP server runs as both an FTP server and a client (for downloading software), and my ipfw rules are:

# Allow setup of incoming ftp
${fwcmd} add pass tcp from any to ${ip} 21 setup keep-state
${fwcmd} add pass tcp from any to ${ip} 49152-65535 setup keep-state

# Allow setup of outgoing TCP connections only
${fwcmd} add pass tcp from ${ip} to any setup keep-state
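
Added example (not part of the original message or of rc.firewall): a POSIX sh check that the inbound rules above admit the whole passive data-port range the FTP daemon hands out, and nothing else that is tested. The function names are hypothetical, and the daemon range is assumed to be FreeBSD's high port range (sysctls net.inet.ip.portrange.hifirst and hilast, defaults 49152 and 65535).

```shell
#!/bin/sh
# Rule text copied from the message; the single quotes keep ${fwcmd} and ${ip} literal.
RULES='${fwcmd} add pass tcp from any to ${ip} 21 setup keep-state
${fwcmd} add pass tcp from any to ${ip} 49152-65535 setup keep-state
${fwcmd} add pass tcp from ${ip} to any setup keep-state'

# inbound_ranges RULES: print "lo hi" for each port or port range in every
# "pass|allow tcp from any to ${ip} PORTS" rule (comma-separated lists included).
inbound_ranges() {
    printf '%s\n' "$1" | awk '
        ($3 == "pass" || $3 == "allow") && $4 == "tcp" && $6 == "any" && $8 == "${ip}" {
            n = split($9, items, ",")
            for (i = 1; i <= n; i++) {
                m = split(items[i], p, "-")
                if (p[1] ~ /^[0-9]+$/) print p[1], (m > 1 ? p[2] : p[1])
            }
        }'
}

# range_covered LO HI RULES: succeed only if one inbound rule admits all of LO..HI.
range_covered() {
    inbound_ranges "$3" | awk -v lo="$1" -v hi="$2" '
        $1 <= lo && $2 >= hi { ok = 1 }
        END { exit !ok }'
}

# Assumed daemon range (FreeBSD defaults). On a live host read the real values:
#   sysctl -n net.inet.ip.portrange.hifirst
#   sysctl -n net.inet.ip.portrange.hilast
PASV_LO=49152
PASV_HI=65535

if range_covered "$PASV_LO" "$PASV_HI" "$RULES"; then
    echo "passive range $PASV_LO-$PASV_HI is admitted inbound"
else
    echo "passive range $PASV_LO-$PASV_HI is NOT fully admitted inbound"
fi

# Constructed negative case: an unrelated inbound port must stay closed.
if range_covered 8080 8080 "$RULES"; then
    echo "unexpected: inbound 8080 is admitted"
else
    echo "inbound 8080 is not admitted by these rules"
fi
```

If the daemon is configured with a different passive range, pass that range instead of the sysctl defaults; a mismatch shows up as passive-mode data connections that never complete.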