Date:      Sun, 30 Sep 2001 12:10:47 -0400
From:      Jim Freeze <jfreeze@freebsdportal.com>
To:        Ryan Thompson <ryan@sasknow.com>
Cc:        questions@freebsd.org
Subject:   Re: How to get FTP working for 4.4R
Message-ID:  <20010930121047.A6127@rabbit.lxintn1.ky.home.com>
In-Reply-To: <Pine.BSF.4.21.0109300155370.6237-100000@ren.sasknow.com>; from ryan@sasknow.com on Sun, Sep 30, 2001 at 02:05:45AM -0600
References:  <20010930012122.A1187@rabbit.lxintn1.ky.home.com> <Pine.BSF.4.21.0109300155370.6237-100000@ren.sasknow.com>

On Sun, Sep 30, 2001 at 02:05:45AM -0600, Ryan Thompson wrote:
> Jim Freeze wrote to Nathan Mace and questions@FreeBSD.ORG:
> 
> > I now have in my ruleset the following:
> > 
> > ${fwcmd} add pass tcp from any 20 to any 1024-65535 setup
> > ${fwcmd} add pass log tcp from any to any 21 in via ${oif} setup
> > 
> > These two lines come before the divert rule:
> > 
> > ${fwcmd} add divert natd all from any to any via ${natd_interface}
>
> Use ProFTPd and use the PassivePorts directive to specify an allowed range
> of ports that it will send to the client in response to a PASV request.
> (49152 - 65534 is the IANA-registered ephemeral port range). Then, just
> open those ports up in your firewall. Much better than > 1023!
> 
> Hope this helps,
> 
Thanks for your help. Currently I have the following rules before
the divert rule to get ftp to work:

${fwcmd} add pass tcp from any 20 to ${oip} 1024-65535 setup 
${fwcmd} add pass log tcp from any to ${oip} 21 in via ${oif} setup

As you stated, this is probably not the best solution. So, I started
to install ProFTPd, but I did not see how it worked without using
anonymous ftp. I don't want to open any kind of anonymous ftp.
Can ProFTPd do just user ftp?


Thanks

Jim
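
The passive-port approach suggested in the quoted reply, sketched as an added example that is not part of the original thread: the data-connection rule is limited to the range given to ProFTPD's PassivePorts directive instead of 1024-65535. The function names, the address and the interface name are constructed for illustration; `fwcmd`, `oip` and `oif` mirror the variables used in the rules above.

```shell
#!/bin/sh
# Added example, not from the original thread.
# ProFTPD side (proftpd.conf), matching the range used below:
#   PassivePorts 49152 65534

PASV_MIN=49152
PASV_MAX=65534

# Return 0 only if $1 is a TCP port number (1-65535).
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the ipfw commands for passive-mode FTP to a server.
# $1 = firewall command, $2 = server address, $3 = outside interface,
# $4/$5 = passive port range. Prints nothing and returns 1 if the
# range is malformed or reaches below 1024.
ftp_pasv_rules() {
    fw=$1; ip=$2; ifc=$3; lo=$4; hi=$5
    valid_port "$lo" && valid_port "$hi" || return 1
    [ "$lo" -ge 1024 ] && [ "$lo" -le "$hi" ] || return 1
    # Control connection, logged as in the rules quoted above.
    echo "$fw add pass log tcp from any to $ip 21 in via $ifc setup"
    # Data connections: only the ports the server hands out in PASV replies.
    echo "$fw add pass tcp from any to $ip $lo-$hi in via $ifc setup"
}

# Dry run: print the commands for review instead of executing them.
fwcmd="/sbin/ipfw"   # assumed path to ipfw
oip="192.0.2.10"     # constructed (documentation address)
oif="fxp0"           # constructed interface name
ftp_pasv_rules "$fwcmd" "$oip" "$oif" "$PASV_MIN" "$PASV_MAX"
```

As in the thread, the generated rules belong before the divert rule.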
