From owner-freebsd-questions  Mon Aug 12 18:51:18 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D3AC837B400
	for <freebsd-questions@freebsd.org>; Mon, 12 Aug 2002 18:51:14 -0700 (PDT)
Received: from mail.nucleus.com (mail.nucleus.com [207.34.93.23])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3FB2F43E4A
	for <freebsd-questions@freebsd.org>; Mon, 12 Aug 2002 18:51:14 -0700 (PDT)
	(envelope-from grant.cooper@nucleus.com)
Received: from TCOOPER (unverified [205.206.254.42]) by mail.nucleus.com
 (Vircom SMTPRS 1.4.232) with SMTP id <B0059562165@mail.nucleus.com> for <freebsd-questions@freebsd.org>;
 Mon, 12 Aug 2002 19:51:13 -0600
Message-ID: <006501c2426c$51858040$2afececd@TCOOPER>
From: "Grant Cooper" <grant.cooper@nucleus.com>
To: <freebsd-questions@FreeBSD.ORG>
Subject: IPFW & FTP
Date: Mon, 12 Aug 2002 19:54:10 -0600
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0062_01C2423A.0653B240"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

This is a multi-part message in MIME format.

------=_NextPart_000_0062_01C2423A.0653B240
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Some basic rules

add 10 allow all from any to any via lo0 in
add 10 allow all from any to any via lo0 out

#masquerade internel traffic
add 40 divert natd all from any to any via <externel>
add 45 allow tcp from any to any established

add 270 allow tcp from any 20,21 to any $UNPRIVPORTS

But when I ftp I get some problems. I can "put" the files in fine but =
when I "get" the client & server negotiate using $UNPRIVPORTS to =
communicate with each other. For example ( port 3123 <-> port 2342 ). I =
was hoping rule 45 would fix this.

------=_NextPart_000_0062_01C2423A.0653B240
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2716.2200" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>
<DIV><FONT face=3DArial size=3D2>Some basic rules</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>add 10 allow all from any to any via =
lo0=20
in</FONT></DIV>
<DIV>
<DIV><FONT face=3DArial size=3D2>add 10 allow all from any to any via =
lo0=20
out</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>#masquerade internel =
traffic</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>add 40 divert natd all from any to any =
via=20
&lt;externel&gt;</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>add 45 allow tcp from any to any=20
established</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>add 270 allow tcp from any 20,21 to any =

$UNPRIVPORTS</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV>But when I ftp I get some problems. I can "put" the files in fine =
but when=20
I "get" the client &amp; server&nbsp;negotiate using $UNPRIVPORTS to =
communicate=20
with each other. For example (&nbsp;port 3123 &lt;-&gt; port 2342 ). I =
was=20
hoping rule 45 would fix this.</DIV></DIV></FONT></DIV></BODY></HTML>

------=_NextPart_000_0062_01C2423A.0653B240--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message