Message-ID: <3D37A0A7.6070809@quack.kfu.com>
Date: Thu, 18 Jul 2002 22:16:23 -0700
From: Nick Sayer
To: "Tortise@Paradise"
Cc: freebsd-stable@FreeBSD.ORG, Rich Morin
Subject: Re: Enabling passive FTP on FreeBSD 4.5?
References: <016701c22edb$fcc0e250$0600a8c0@P1200n>

Tortise@Paradise wrote:
> Yes I'd appreciate the answer to this, if there is one....or if it was
> passed off list.
> With thanks
> David Hingston
>
> ----- Original Message -----
> From: "Rich Morin"
> To:
> Sent: Friday, July 19, 2002 11:27 AM
> Subject: Enabling passive FTP on FreeBSD 4.5?
>
>
>>I have a user who wants to use passive-mode FTP to access files on my
>>FreeBSD 4.5 system. Our firewall is set up to allow all outgoing packets
>>and to allow incoming traffic on
>>
>>  20 TCP   # FTP (data)
>>  20 UDP   # FTP "
>>  21 TCP   # FTP (control)
>>  21 UDP   # FTP "
>>

This is insufficient. Passive mode FTP requires incoming control connections and incoming data connections, but the data connections are addressed to *arbitrary* ports.

If you're using the FreeBSD stock FTP server, however, I *believe* that you can count on the data ports to always be within the "high" portrange. See 'sysctl -a | grep portrange'. YMMV with other servers, however, all you need to do to change the default port range used for binding is to setsockopt IP_PORTRANGE to either IP_PORTRANGE_HIGH, IP_PORTRANGE_LOW (requires root) or IP_PORTRANGE_DEFAULT.
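
The setsockopt call described in the reply above, as an added example (not code from the original message and not the FreeBSD ftpd source): a passive-mode data listener that asks for a port from the "high" range and builds the matching 227 reply. The helper names pasv_listen and pasv_reply and the addresses are assumptions made for illustration; the #ifdef lets the code build on systems that lack IP_PORTRANGE.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper: listen for one passive data connection; returns fd or -1. */
int pasv_listen(const char *addr, unsigned short *port)
{
    struct sockaddr_in sin = { .sin_family = AF_INET }; /* sin_port stays 0 */
    socklen_t len = sizeof(sin);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
#ifdef IP_PORTRANGE /* FreeBSD; elsewhere the kernel's default range applies */
    int range = IP_PORTRANGE_HIGH;
    if (setsockopt(fd, IPPROTO_IP, IP_PORTRANGE, &range, sizeof(range)) < 0)
        goto fail;
#endif
    /* Binding to port 0 lets the kernel pick a free port in the chosen range. */
    if (inet_pton(AF_INET, addr, &sin.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0 ||
        getsockname(fd, (struct sockaddr *)&sin, &len) < 0 ||
        listen(fd, 1) < 0)
        goto fail;
    *port = ntohs(sin.sin_port);
    return fd;
fail:
    close(fd);
    return -1;
}

/* Hypothetical helper: the 227 reply that tells the client where to connect. */
int pasv_reply(char *buf, size_t n, const char *addr, unsigned short port)
{
    unsigned char a[4];
    if (inet_pton(AF_INET, addr, a) != 1)
        return -1;
    return snprintf(buf, n, "227 Entering Passive Mode (%d,%d,%d,%d,%d,%d).",
                    a[0], a[1], a[2], a[3], port >> 8, port & 0xff);
}

int main(void)
{
    char line[64];
    unsigned short port;
    int fd = pasv_listen("127.0.0.1", &port); /* constructed sample address */
    if (fd < 0 || pasv_reply(line, sizeof(line), "127.0.0.1", port) < 0)
        return 1;
    puts(line);
    return close(fd);
}
```

With the data sockets pinned this way, the firewall needs to admit inbound TCP only to port 21 and to the range that 'sysctl -a | grep portrange' reports as high, instead of to arbitrary ports.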