Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 12 Aug 2002 19:54:10 -0600
From:      "Grant Cooper" <grant.cooper@nucleus.com>
To:        <freebsd-questions@FreeBSD.ORG>
Subject:   IPFW & FTP
Message-ID:  <006501c2426c$51858040$2afececd@TCOOPER>
next in thread | raw e-mail | index | archive | help 

[-- Attachment #1 --]
Some basic rules

add 10 allow all from any to any via lo0 in
add 10 allow all from any to any via lo0 out

#masquerade internel traffic
add 40 divert natd all from any to any via <externel>
add 45 allow tcp from any to any established

add 270 allow tcp from any 20,21 to any $UNPRIVPORTS

But when I ftp I get some problems. I can "put" the files in fine but when I "get" the client & server negotiate using $UNPRIVPORTS to communicate with each other. For example ( port 3123 <-> port 2342 ). I was hoping rule 45 would fix this.

[-- Attachment #2 --]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2716.2200" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>
<DIV><FONT face=Arial size=2>Some basic rules</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>add 10 allow all from any to any via lo0 
in</FONT></DIV>
<DIV>
<DIV><FONT face=Arial size=2>add 10 allow all from any to any via lo0 
out</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>#masquerade internel traffic</FONT></DIV>
<DIV><FONT face=Arial size=2>add 40 divert natd all from any to any via 
&lt;externel&gt;</FONT></DIV>
<DIV><FONT face=Arial size=2>add 45 allow tcp from any to any 
established</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>add 270 allow tcp from any 20,21 to any 
$UNPRIVPORTS</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV>But when I ftp I get some problems. I can "put" the files in fine but when 
I "get" the client &amp; server&nbsp;negotiate using $UNPRIVPORTS to communicate 
with each other. For example (&nbsp;port 3123 &lt;-&gt; port 2342 ). I was 
hoping rule 45 would fix this.</DIV></DIV></FONT></DIV></BODY></HTML>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?006501c2426c$51858040$2afececd>