Date: Sun, 02 Sep 2001 15:17:45 -0500
From: David Kelly <dkelly@hiwaay.net>
To: "Sven Huster" <sven.huster@mailsurf.com>
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: IPFirewall again
Message-ID: <200109022017.f82KHjw89171@grumpy.dyndns.org>
In-Reply-To: Message from "Sven Huster" <sven.huster@mailsurf.com> of "Sun, 02 Sep 2001 21:45:49 +0200." <NGEPJANEPIDHMDLBLKMDCEHCBCAB.sven.huster@mailsurf.com>

"Sven Huster" writes:
> try
>
> ftp ftp.host.domain
> ftp> passive
>
> should switch passive on or off not sure now.
> does it work then?

For passive to work one has to allow all tcp outgoing connections. Or if not all, then at least over a broad range of ports.

For non-passive to work one has to allow incoming connections from remote port 20.

Would be a useful addition to the keep-state rules: an exception which opens a specific reverse opening from port 20 of any host which has an active port 21 connection.

natd's punch_fw option monitors port 21 connections for the sequences which cause data connections to open and inserts ipfw rules to allow both passive and non-passive. Then removes when the connection is finished.

Have found this works with IE 5.0 on MacOS but not on Win32. Something is different about the exchange, even to the same ftpd server. The command line ftp on the Win32 machine has no problems where IE fails.

Am not sure how to make natd apply to the machine which is hosting natd. Haven't tried very hard, but do know my firewall can't fetch thru itself.

--
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
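
Added example (not part of the original message, and not natd's code): a sketch of the control-channel monitoring described above, which reads PORT commands and 227 replies on a port 21 session and derives one narrow ipfw rule per data connection instead of a broad port range. The function names, the sample session and addresses are constructed, and the address and low-port checks are added safeguards assumed here, not behaviour claimed of punch_fw.

```python
import re

SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PORT_RE = re.compile(r"^PORT " + SIX + r"\s*$", re.IGNORECASE)  # active mode, sent by client
PASV_RE = re.compile(r"^227 .*?" + SIX)                         # passive mode, sent by server

def endpoint(groups):
    """Decode h1,h2,h3,h4,p1,p2 into (ip, port); None if any field exceeds 255."""
    nums = [int(g) for g in groups]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_rule(direction, line, client, server):
    """Return the one ipfw rule this control-channel line calls for, or None.

    direction is "c2s" (client to server) or "s2c" (server to client).
    """
    line = line.strip()
    if direction == "c2s":
        m, owner = PORT_RE.match(line), client
    else:
        m, owner = PASV_RE.match(line), server
    ep = endpoint(m.groups()) if m else None
    # Assumed safeguards: the announced address must be the peer that owns the
    # control connection (no third-party openings) and the port unprivileged.
    if ep is None or ep[0] != owner or ep[1] < 1024:
        return None
    if direction == "c2s":
        # Non-passive: the server connects back from port 20 to the announced port.
        return f"ipfw add allow tcp from {server} 20 to {client} {ep[1]} setup"
    # Passive: the client connects out to the port the server announced.
    return f"ipfw add allow tcp from {client} to {server} {ep[1]} setup"

def rules_for(session, client, server):
    """Collect the rules for a whole control session, skipping unrelated lines."""
    rules = (data_rule(d, l, client, server) for d, l in session)
    return [r for r in rules if r]

# Constructed sample session (documentation and private addresses).
SAMPLE = [
    ("c2s", "USER anonymous"),
    ("c2s", "PORT 10,0,0,5,195,80"),                           # 195*256+80 = 50000
    ("s2c", "227 Entering Passive Mode (192,0,2,10,234,96)."),  # 234*256+96 = 60000
    ("c2s", "PORT 10,0,0,9,195,80"),                           # third-party address
    ("c2s", "PORT 10,0,0,5,0,22"),                             # privileged port
]

if __name__ == "__main__":
    for rule in rules_for(SAMPLE, "10.0.0.5", "192.0.2.10"):
        print(rule)
```

A real implementation would also delete each rule when the control connection closes, as the message says natd does.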