From owner-freebsd-security Tue Jun 8 11:49:19 1999
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 8AD0F14D2A for ; Tue, 8 Jun 1999 11:49:15 -0700 (PDT) (envelope-from des@flood.ping.uio.no)
Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.1) id UAA71638; Tue, 8 Jun 1999 20:49:11 +0200 (CEST) (envelope-from des)
To: Archie Cobbs
Cc: fpscha@via-net-works.net.ar (Fernando Schapachnik), freebsd-security@FreeBSD.ORG
Subject: Re: Passive FTP
References: <199906081814.LAA57994@bubba.whistle.com>
From: Dag-Erling Smorgrav
Date: 08 Jun 1999 20:49:10 +0200
In-Reply-To: Archie Cobbs's message of "Tue, 8 Jun 1999 11:14:33 -0700 (PDT)"
Message-ID:
Lines: 16
X-Mailer: Gnus v5.5/Emacs 19.34
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Archie Cobbs writes:
> Fernando Schapachnik writes:
> > Anyone has a sample on how to set up ipfw to permit passive FTP
> > connections to the server? In my architecture the FTP server is
> > firewalling itself.
> Simple... find out what client port ranges your FTP server uses (see
> the -U option to ftpd(8)) and then open your firewall to allow incoming
> TCP packets (including setup packets) to this port range on your server.

The description of the -U option in the ftpd(8) man page is
misleading. The actual range is defined by sysctl variables (which
default to the values given in the ftpd(8) man page); see ip(4).

DES
--
Dag-Erling Smorgrav - des@flood.ping.uio.no

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
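
The approach discussed in this thread, as an added example that is not part of the original messages: a sh function that turns a passive data-port range into ipfw commands, taking the range from the live sysctl values rather than from the man page. The sysctl names (net.inet.ip.portrange.hifirst and hilast), the rule numbers and the function names are assumptions of this example; the thread itself only points to ip(4).

```shell
#!/bin/sh
# Added example: print ipfw commands that admit passive FTP to this host.
# Assumed: the rule numbers, and that ftpd draws passive data ports from
# net.inet.ip.portrange.hifirst..hilast (first..last when run with -U).

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;      # empty or non-numeric
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# passive_ftp_rules LO HI [BASE]: emit rules for data-port range LO-HI.
passive_ftp_rules() {
    lo=$1; hi=$2; base=${3:-2000}
    if ! valid_port "$lo" || ! valid_port "$hi"; then
        echo "port range must be numeric, 1-65535" >&2; return 1
    fi
    if [ "$lo" -gt "$hi" ]; then
        echo "range start $lo is above range end $hi" >&2; return 1
    fi
    # Refuse ranges that reach into privileged ports: the rule would then
    # expose other listening services, not only FTP data sockets.
    if [ "$lo" -lt 1024 ]; then
        echo "refusing range starting below 1024" >&2; return 1
    fi
    echo "ipfw -q add $base allow tcp from any to any established"
    echo "ipfw -q add $((base + 10)) allow tcp from any to me 21 in setup"
    echo "ipfw -q add $((base + 20)) allow tcp from any to me $lo-$hi in setup"
}

# On a FreeBSD host, read the live range instead of trusting the man page.
# Elsewhere (no such sysctl) this prints nothing.
if lo_now=$(sysctl -n net.inet.ip.portrange.hifirst 2>/dev/null) &&
   hi_now=$(sysctl -n net.inet.ip.portrange.hilast 2>/dev/null); then
    passive_ftp_rules "$lo_now" "$hi_now"
fi
```

The script only prints the commands, so the range can be reviewed before anything is loaded into the firewall.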