From owner-freebsd-security Sun Sep 19 15: 2:59 1999
Delivered-To: freebsd-security@freebsd.org
Received: from secure.smtp.email.msn.com (cpimssmtpu07.email.msn.com [207.46.181.28])
	by hub.freebsd.org (Postfix) with ESMTP id 39A4B150E3
	for ; Sun, 19 Sep 1999 15:02:53 -0700 (PDT)
	(envelope-from JHowie@msn.com)
Received: from JHowie - 216.103.48.12 by email.msn.com with Microsoft SMTPSVC;
	Sun, 19 Sep 1999 15:01:54 -0700
Message-ID: <003f01bf02eb$bc3f0500$fd01a8c0@pacbell.net>
From: "John Howie"
To: , "Brett Glass"
References: <4.2.0.58.19990917090848.04e582e0@localhost>
Subject: Re: Best way to do FTP with NAT and firewall?
Date: Sun, 19 Sep 1999 15:10:07 -0700
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

As a side issue, the man page for FTP is wrong about the port range it uses
for data connections. The man page (in 3.2-RELEASE) says that ports in the
range 40000 to 44999 are used. Checking /usr/include/netinet/in.h you'll find
the portrange is actually 49152 - 65535. And the FTP client uses this too...

john...

----- Original Message -----
From: Brett Glass
To:
Sent: Friday, September 17, 1999 8:16 AM
Subject: Best way to do FTP with NAT and firewall?

> I've just set up a firewall for a client using ipfw and natd. Trouble is,
> his software seems to be particularly insistent on doing active, rather
> than passive, FTP. This poses a problem, of course, because a remote system
> can't open just data sockets to one behind the firewall due to NAT.
>
> I've worked with plenty of commercial firewalls that monitor FTP control
> connections and spoof the port number for the data sockets. SLiRP does it;
> so, apparently, does the pppd that comes with FreeBSD. But I can't find any
> documented way to do it with ipfw and natd.
>
> Are there undocumented commands to accomplish this?
>
> --Brett
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
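
The control-connection rewrite that Brett describes firewalls performing for active FTP, as an added example that is not part of either message and is not code from natd, ipfw or any product named above. The function and struct names are hypothetical, and the addresses in the comments are constructed; the gateway is assumed to know the client's inside address, its own public address, and the public port it has reserved for the data connection.

```c
#include <stdio.h>
#include <string.h>

/* Inside endpoint the gateway must forward the data connection to. */
struct port_map { unsigned in_ip[4]; unsigned in_port; };

/*
 * Inspect one control-channel line from the inside client. A command such as
 * "PORT 192,168,1,10,192,1\r\n" (port 192*256+1 = 49153) is rewritten to
 * advertise the gateway's public address and aliased port instead.
 * Returns 1 if rewritten into out, 0 if not a PORT command (pass through),
 * -1 if the command is malformed or unsafe and should be dropped.
 */
int rewrite_port(const char *line, const unsigned client_ip[4],
                 const unsigned pub_ip[4], unsigned pub_port,
                 char *out, size_t outlen, struct port_map *map)
{
    unsigned v[6];
    char tail;
    int i, n;

    if (strncmp(line, "PORT ", 5) != 0)
        return 0;
    /* Six decimal fields followed directly by CR; anything else is dropped. */
    if (sscanf(line + 5, "%3u,%3u,%3u,%3u,%3u,%3u%c", &v[0], &v[1], &v[2],
               &v[3], &v[4], &v[5], &tail) != 7 || tail != '\r')
        return -1;
    for (i = 0; i < 6; i++)
        if (v[i] > 255)
            return -1;
    /* The advertised host must be the client itself; otherwise the gateway
     * would be asked to forward data connections to a third machine. */
    for (i = 0; i < 4; i++)
        if (v[i] != client_ip[i])
            return -1;
    /* Refuse privileged data ports on the inside host. */
    if (v[4] * 256 + v[5] < 1024)
        return -1;
    n = snprintf(out, outlen, "PORT %u,%u,%u,%u,%u,%u\r\n", pub_ip[0],
                 pub_ip[1], pub_ip[2], pub_ip[3], pub_port >> 8, pub_port & 255);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    for (i = 0; i < 4; i++)
        map->in_ip[i] = v[i];
    map->in_port = v[4] * 256 + v[5];
    return 1;
}
```

Because the rewritten line can differ in length from the original, a gateway doing this on live traffic also has to adjust TCP sequence and acknowledgement numbers for the rest of that control connection.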