From owner-freebsd-questions Sun Sep 30 9:12:49 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from CI590846-B.freebsdportal.com (ci590846-b.lxintn1.ky.home.com [24.9.218.175])
	by hub.freebsd.org (Postfix) with ESMTP id 692C037B40A
	for ; Sun, 30 Sep 2001 09:12:45 -0700 (PDT)
Received: (from jfreeze@localhost)
	by CI590846-B.freebsdportal.com (8.11.6/8.11.6) id f8UGAlE16449;
	Sun, 30 Sep 2001 12:10:47 -0400 (EDT)
	(envelope-from jfreeze)
Date: Sun, 30 Sep 2001 12:10:47 -0400
From: Jim Freeze
To: Ryan Thompson
Cc: questions@freebsd.org
Subject: Re: How to get FTP working for 4.4R
Message-ID: <20010930121047.A6127@rabbit.lxintn1.ky.home.com>
References: <20010930012122.A1187@rabbit.lxintn1.ky.home.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from ryan@sasknow.com on Sun, Sep 30, 2001 at 02:05:45AM -0600
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

On Sun, Sep 30, 2001 at 02:05:45AM -0600, Ryan Thompson wrote:
> Jim Freeze wrote to Nathan Mace and questions@FreeBSD.ORG:
>
> > I now have in my ruleset the following:
> >
> >   ${fwcmd} add pass tcp from any 20 to any 1024-65535 setup
> >   ${fwcmd} add pass log tcp from any to any 21 in via ${oif} setup
> >
> > These two lines come before the divert rule:
> >
> >   ${fwcmd} add divert natd all from any to any via ${natd_interface}
>
> Use ProFTPd and use the PassivePorts directive to specify an allowed range
> of ports that it will send to the client in response to a PASV request.
> (49152 - 65534 is the IANA-registered ephemeral port range). Then, just
> open those ports up in your firewall. Much better than > 1023!
>
> Hope this helps,
>

Thanks for your help.
Currently I have the following rules before the divert rule to get ftp
to work:

  ${fwcmd} add pass tcp from any 20 to ${oip} 1024-65535 setup
  ${fwcmd} add pass log tcp from any to ${oip} 21 in via ${oif} setup

As you stated, this is probably not the best solution.
So, I started to install ProFTPd, but I did not see how it worked
without using anonymous ftp. I don't want to open any kind of
anonymous ftp. Can ProFTPd do just user ftp?

Thanks
Jim

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
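
Added example, not part of the original message and not the ProFTPD project's own configuration: a proftpd.conf sketch for the setup discussed in this thread. It has no <Anonymous> section (ProFTPD serves anonymous logins only when one is configured), limits logins to a named account, and confines passive data ports to the range given in the quoted reply. The account name "jim", the ServerName string and the file path are assumptions; ${fwcmd}, ${oip} and ${oif} are the variables used in the message's own rules.

```conf
# /usr/local/etc/proftpd.conf  (path is an assumption; adjust to your install)

ServerName      "User-only FTP"
ServerType      standalone
DefaultServer   on
Port            21

# Unprivileged identity the daemon runs as when not serving a login
User            nobody
Group           nogroup

# Passive-mode data connections are offered only from this range,
# so the firewall needs to admit just these ports plus port 21.
PassivePorts    49152 65534

# Keep each authenticated user inside their own home directory
DefaultRoot     ~

# Only the listed account may log in; everyone else is refused.
# ("jim" is a hypothetical account name.)
<Limit LOGIN>
  AllowUser     jim
  DenyAll
</Limit>

# Deliberately no <Anonymous ...> ... </Anonymous> section:
# without one, anonymous/ftp logins are rejected.

# Matching rc.firewall rules, placed before the divert rule as in the
# message. The second rule replaces the broad 1024-65535 range for
# inbound data connections to this server:
#
#   ${fwcmd} add pass log tcp from any to ${oip} 21 in via ${oif} setup
#   ${fwcmd} add pass tcp from any to ${oip} 49152-65534 in via ${oif} setup
```

The passive range in the firewall rule has to match PassivePorts exactly; if the two drift apart, PASV transfers fail or ports stay open with nothing listening behind them.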