From owner-freebsd-questions  Mon Feb  4 11:51:25 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from stereophonic.noops.org (adsl-63-195-97-84.dsl.snfc21.pacbell.net [63.195.97.84])
	by hub.freebsd.org (Postfix) with SMTP id 3B44437B422
	for <questions@freebsd.org>; Mon,  4 Feb 2002 11:50:51 -0800 (PST)
Received: (qmail 43722 invoked by uid 1000); 4 Feb 2002 19:50:51 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 4 Feb 2002 19:50:51 -0000
Date: Mon, 4 Feb 2002 11:50:51 -0800 (PST)
From: Thomas Cannon <tcannon@noops.org>
To: Drew Tomlinson <drew@mykitchentable.net>
Cc: <questions@freebsd.org>
Subject: Re: Active FTP Through Firewall?
In-Reply-To: <00b901c1ada2$4d304200$c42a6ba5@lc.ca.gov>
Message-ID: <20020204114451.P42857-100000@stereophonic.noops.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


Not an answer, per se, but an option. And not even a very good one.

You might try installing an FTP proxy on your machine running ipfw... that
is, if your anti-virus program allows that to be configured. If it won't
let you choose passive mode FTP, it probably doesn't. That's pretty weak.

Cheers,

Thomas


On Mon, 4 Feb 2002, Drew Tomlinson wrote:

> I'm using ipfw on 4.5-Release.  I have created a rule set based on the
> rc.firewall.current script found at
> http://www.bsdtoday.com/2000/December/Features359.html and have been
> using it successfully for several months.  Passive FTP transfers
> initiated from the inside will work through the firewall just fine.
> However, active transfers do not.  I'd like to get active transfers
> working so that my backup software can update its virus protection data
> files without my intervention.  Is there a rule I can add to open port
> 20 when I initiate a FTP transfer?  I have seen the punch_fw option in
> natd but I am not using natd (NAT is handled by my DSL modem/router).
> I've searched Google but have not found a definitive answer although I
> suspect I can not do what I want.  Can anyone confirm or deny my
> suspicions?
>
> Thanks,
>
> Drew
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message