Date: Sun, 19 Sep 1999 15:10:07 -0700
From: "John Howie" <JHowie@msn.com>
To: <security@freebsd.org>, "Brett Glass" <brett@lariat.org>
Subject: Re: Best way to do FTP with NAT and firewall?
Message-ID: <003f01bf02eb$bc3f0500$fd01a8c0@pacbell.net>
References: <4.2.0.58.19990917090848.04e582e0@localhost>

As a side issue, the man page for FTP is wrong about the port range it uses for data connections. The man page (in 3.2-RELEASE) says that ports in the range 40000 to 44999 are used. Checking /usr/include/netinet/in.h you'll find the portrange is actually 49152 - 65535. And the FTP client uses this too...

john...

----- Original Message -----
From: Brett Glass <brett@lariat.org>
To: <security@freebsd.org>
Sent: Friday, September 17, 1999 8:16 AM
Subject: Best way to do FTP with NAT and firewall?

> I've just set up a firewall for a client using ipfw and natd. Trouble is, his software seems to be particularly insistent on doing active, rather than passive, FTP. This poses a problem, of course, because a remote system can't open just data sockets to one behind the firewall due to NAT.
>
> I've worked with plenty of commercial firewalls that monitor FTP control connections and spoof the port number for the data sockets. SLiRP does it; so, apparently, does the pppd that comes with FreeBSD. But I can't find any documented way to do it with ipfw and natd.
>
> Are there undocumented commands to accomplish this?
>
> --Brett
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
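
Added illustration, not part of the thread and not natd's or ipfw's code: a sketch of the control-channel rewriting the quoted question describes, where a NAT device replaces the inside address in an active-mode PORT command and maps the data port into the 49152 - 65535 range mentioned in the reply. The class name, method names and all addresses are hypothetical, constructed samples.

```python
import re

# Dynamic port range quoted in the reply (49152 - 65535), used here for the
# externally visible data port. All addresses in this example are constructed.
PORT_LO, PORT_HI = 49152, 65535
PORT_RE = re.compile(
    rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$",
    re.IGNORECASE,
)


class PortRewriter:
    """Hypothetical helper: rewrites active-mode PORT lines crossing a NAT."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.next_port = PORT_LO
        self.mappings = {}  # public port -> (inside ip, inside port)

    def _alloc(self):
        if self.next_port > PORT_HI:
            raise RuntimeError("data port range exhausted")
        port, self.next_port = self.next_port, self.next_port + 1
        return port

    def rewrite(self, line, client_ip):
        """Return the line to forward, or None if it must be dropped."""
        m = PORT_RE.match(line)
        if m is None:
            # Other commands pass through; a malformed PORT is dropped.
            return None if line.upper().startswith(b"PORT") else line
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None
        inside_ip = ".".join(map(str, nums[:4]))
        inside_port = nums[4] * 256 + nums[5]
        # Accept only a PORT naming the host that owns the control connection
        # and an unprivileged port, so the NAT cannot be pointed elsewhere.
        if inside_ip != client_ip or inside_port < 1024:
            return None
        public_port = self._alloc()
        self.mappings[public_port] = (inside_ip, inside_port)
        host = self.public_ip.replace(".", ",")
        return f"PORT {host},{public_port >> 8},{public_port & 0xFF}\r\n".encode()
```

The rewritten line can differ in length from the original, so a real in-path implementation also has to adjust TCP sequence and acknowledgement numbers on the control connection; this sketch covers only the command parsing, validation and mapping.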