Date:      Tue, 10 Dec 2002 14:29:38 -0500
From:      Barney Wolff <barney@tp.databus.com>
To:        Peter Brezny <peter@skyrunner.net>
Cc:        Vincent Jardin <vjardin@wanadoo.fr>, Barney Wolff <barney@tp.databus.com>, "Orville R. Weyrich_Jr" <orville@ameriroots.com>, freebsd-net@FreeBSD.ORG
Subject:   Re: passive mode ftp server, need stateful ipfw rule.
Message-ID:  <20021210192938.GA68635@tp.databus.com>
In-Reply-To: <NEBBIGLHNDFEJMMIEGOOIELHFEAA.peter@skyrunner.net>
References:  <200212100831.45848.vjardin@wanadoo.fr> <NEBBIGLHNDFEJMMIEGOOIELHFEAA.peter@skyrunner.net>

On Tue, Dec 10, 2002 at 01:40:43PM -0500, Peter Brezny wrote:
> How do you adjust the range of random tcp ports chosen if you are using the
> stock ftpd that comes with freebsd?

sysctl net.inet.ip.portrange.hifirst and .hilast, set by default to
49152 and 65535.  The ftpd manpage is slightly misleading here, as
it states the defaults without noting that they can be modified.
UTSL shows that ftpd binds to port 0 for PASV, thus leaving the choice
up to the kernel.

> Of course I'd like to be able to move to sftp or scp or https, but as an isp
> with web hosting, the support overhead for all the designers to learn how to
> do it would be a bit overwhelming.
> 
> What about the -punch_fw option in natd?  Has anyone used that before?

I believe that only works on the client side, but I'd be happy to be
shown to be in error.  One could hack up the natd source to do the
job, as all the pieces necessary are in there.  But beware - a server
must cope with tricks such as asking for a nonexistent file that looks
like the response to a PASV command, and so on.  Firewall vendors
sometimes actually do earn their money.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
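
The server-side caveat in the reply above, sketched as an added example (not natd or libalias code, and not part of the original message): a control-channel helper that acts on a PASV reply only when `227 ` starts a reassembled line, the advertised address is the server's own, and the port falls inside the hifirst/hilast range. The names `ctl`, `ctl_feed` and `check_line` are hypothetical; the caller is assumed to pass only server-to-client segments and the server's IPv4 octets.

```c
#include <stdio.h>
#include <string.h>

/* Default net.inet.ip.portrange.hifirst/.hilast values quoted in the message. */
#define HIFIRST 49152
#define HILAST  65535

struct ctl {               /* hypothetical per-connection state, zero-initialised */
    char   line[512];
    size_t len;
    int    overflow;       /* line exceeded the buffer: never act on it */
};

/* Validate one complete reply line; return the PASV port or -1. */
static int check_line(const char *line, const int srv[4])
{
    int h[4], p1, p2, i, port;
    const char *paren = strchr(line, '(');
    if (strncmp(line, "227 ", 4) != 0 || paren == NULL)  /* code must start the line */
        return -1;
    if (sscanf(paren, "(%d,%d,%d,%d,%d,%d)",
               &h[0], &h[1], &h[2], &h[3], &p1, &p2) != 6)
        return -1;
    for (i = 0; i < 4; i++)
        if (h[i] != srv[i])            /* data address must be the server itself */
            return -1;
    if (p1 < 0 || p1 > 255 || p2 < 0 || p2 > 255)
        return -1;
    port = p1 * 256 + p2;
    return (port >= HIFIRST && port <= HILAST) ? port : -1;
}

/* Feed one TCP segment; return a port to open for this server, or -1. */
int ctl_feed(struct ctl *c, const char *seg, size_t n, const int srv[4])
{
    int port = -1, r;
    for (size_t i = 0; i < n; i++) {
        if (seg[i] == '\n') {          /* lines may span segments, so buffer them */
            c->line[c->len] = '\0';
            if (!c->overflow && (r = check_line(c->line, srv)) > 0)
                port = r;
            c->len = 0;
            c->overflow = 0;
        } else if (c->len < sizeof(c->line) - 1)
            c->line[c->len++] = seg[i];
        else
            c->overflow = 1;
    }
    return port;
}
```

Because lines are reassembled across segments, an error reply that echoes a file name shaped like a PASV response is still seen as a `550` line, even when the segment boundary falls right before the echoed `227`.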
