From owner-freebsd-security  Tue Jun  8 11:15:16 1999
Delivered-To: freebsd-security@freebsd.org
Received: from bubba.whistle.com (s205m7.whistle.com [207.76.205.7])
	by hub.freebsd.org (Postfix) with ESMTP id 3C74714C46
	for <freebsd-security@FreeBSD.ORG>; Tue,  8 Jun 1999 11:15:15 -0700 (PDT)
	(envelope-from archie@whistle.com)
Received: (from archie@localhost)
	by bubba.whistle.com (8.9.2/8.9.2) id LAA57994;
	Tue, 8 Jun 1999 11:14:33 -0700 (PDT)
From: Archie Cobbs <archie@whistle.com>
Message-Id: <199906081814.LAA57994@bubba.whistle.com>
Subject: Re: Passive FTP
In-Reply-To: <199906081509.MAA19423@ns1.sminter.com.ar> from Fernando Schapachnik at "Jun 8, 99 12:09:50 pm"
To: fpscha@via-net-works.net.ar (Fernando Schapachnik)
Date: Tue, 8 Jun 1999 11:14:33 -0700 (PDT)
Cc: freebsd-security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Fernando Schapachnik writes:
> 	Anyone has a sample on how to set up ipfw to permit passive FTP 
> conections to the server? In my architecture the FTP server is 
> firewalling itself.

Simple... find out what client port ranges your FTP server uses (see
the -U option to ftpd(8)) and then open your firewall to allow incoming
TCP packets (including setup packets) to this port range on your server.

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message