From owner-freebsd-current Thu Jun 29 0:34:21 2000
Delivered-To: freebsd-current@freebsd.org
Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65]) by hub.freebsd.org (Postfix) with ESMTP id 6072D37B94D; Thu, 29 Jun 2000 00:34:12 -0700 (PDT) (envelope-from ru@whale.sunbay.crimea.ua)
Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.9.3/1.13) id KAA12890; Thu, 29 Jun 2000 10:33:44 +0300 (EEST)
Date: Thu, 29 Jun 2000 10:33:44 +0300
From: Ruslan Ermilov
To: Visigoth
Cc: freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: new ftpd feature...
Message-ID: <20000629103344.D10869@sunbay.com>
Mail-Followup-To: Visigoth , freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: ; from des@flood.ping.uio.no on Wed, Jun 28, 2000 at 07:15:58PM +0200
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, Jun 28, 2000 at 07:15:58PM +0200, Dag-Erling Smorgrav wrote:
> Visigoth writes:
> > [patches to limit the range of ports used for passive FTP]
>
> des@flood ~% sysctl -A | grep portrange
> net.inet.ip.portrange.lowfirst: 1023
> net.inet.ip.portrange.lowlast: 600
> net.inet.ip.portrange.first: 1024
> net.inet.ip.portrange.last: 5000
> net.inet.ip.portrange.hifirst: 49152
> net.inet.ip.portrange.hilast: 65535
>
> ftpd uses ports in the high range, just adjust the last two sysctls
> and you'll be fine.
>
I had a firewall set up in this configuration (allowing "anonymous"
connects to the high portrange and denying otherwise). It was great.
I can not see the reason why ftpd(8) would need an explicit portrange.

--
Ruslan Ermilov          Oracle Developer/DBA,
ru@sunbay.com           Sunbay Software AG,
ru@FreeBSD.org          FreeBSD committer,
+380.652.512.251        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
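
A consistency check for the setup discussed in this thread, as an added example that is not part of the original messages: it reads the high port range from `sysctl` output and compares it with the range a firewall permits. The function names, verdict words and the firewall range arguments (assumed to be given as first <= last) are hypothetical.

```shell
#!/bin/sh
# Added example. Function names, verdict words and the firewall range
# arguments are hypothetical; the sysctl names come from the message.

# Constructed sample: the sysctl output quoted in the thread.
SAMPLE_SYSCTL='net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535'

# Read "name: value" lines on stdin, print net.inet.ip.portrange.$1.
portrange_value() {
    awk -F': *' -v key="net.inet.ip.portrange.$1" '$1 == key { print $2; exit }'
}

# True only for a decimal port number 0-65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -le 65535 ]
}

# check_high_range SYSCTL_TEXT FW_FIRST FW_LAST
#   match    (0) kernel high range equals the firewall-permitted range
#   blocked  (1) ftpd could bind a passive port the firewall denies
#   too-wide (1) firewall admits ports outside the kernel high range
#   unparsed (2) a value is missing or not a port number
check_high_range() {
    k_a=$(printf '%s\n' "$1" | portrange_value hifirst)
    k_b=$(printf '%s\n' "$1" | portrange_value hilast)
    for p in "$k_a" "$k_b" "$2" "$3"; do
        if ! is_port "$p"; then echo unparsed; return 2; fi
    done
    # A range may be written high-to-low (lowfirst/lowlast above), so order it.
    if [ "$k_a" -le "$k_b" ]; then k_lo=$k_a; k_hi=$k_b
    else k_lo=$k_b; k_hi=$k_a; fi
    if [ "$k_lo" -lt "$2" ] || [ "$k_hi" -gt "$3" ]; then
        echo blocked; return 1
    fi
    if [ "$k_lo" -gt "$2" ] || [ "$k_hi" -lt "$3" ]; then
        echo too-wide; return 1
    fi
    echo match
}

check_high_range "$SAMPLE_SYSCTL" 49152 65535
```

On a live host, pass the output of `sysctl -A | grep portrange` as the first argument and the port range from the firewall's allow rule as the second and third.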