From owner-freebsd-security Tue Mar 28 17:18:31 2000
Delivered-To: freebsd-security@freebsd.org
Received: from w2xo.pgh.pa.us (ipl-229-039.npt-sdsl.stargate.net [208.223.229.39])
    by hub.freebsd.org (Postfix) with ESMTP id 5F62037C083
    for ; Tue, 28 Mar 2000 17:18:25 -0800 (PST)
    (envelope-from durham@w2xo.pgh.pa.us)
Received: from w2xo.pgh.pa.us (shazam.w2xo.pgh.pa.us [192.168.5.3])
    by w2xo.pgh.pa.us (8.9.3/8.9.3) with ESMTP id BAA76128
    for ; Wed, 29 Mar 2000 01:18:20 GMT
    (envelope-from durham@w2xo.pgh.pa.us)
Message-ID: <38E159DF.3D7E5DF6@w2xo.pgh.pa.us>
Date: Tue, 28 Mar 2000 20:18:23 -0500
From: Jim Durham
Organization: dis-
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 3.4-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-security@freebsd.org
Subject: FTP with firewall rules
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I'm looking for some input on how to set up FTP through an IPFW
firewall so that you don't have to run passive mode. Passive mode
makes things like building ports difficult.

I believe that the problem is that the return connection set up by
an FTP server to the client comes from port 20. To open up "any 20"
to high port numbers on your system seems like a problem to me.

Is there a secure way to do this?

--
Jim Durham

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
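
The active-mode data connection raised in the question above, as an added example that is not part of the original post: in active mode the client announces its listening address and port in an RFC 959 `PORT` command, so an FTP-aware filter can open exactly one server-port-20 flow instead of "any 20" to all high ports. The function names and the 192.0.2.x / 198.51.100.x addresses are constructed for illustration, and the sketch assumes the ruleset already passes established TCP traffic.

```python
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (six decimal octets).
PORT_RE = re.compile(r"^PORT " + ",".join([r"(\d{1,3})"] * 6) + r"\r?\n?$")

def parse_port(line):
    """Return (ip, port) announced by an active-mode PORT command, or None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    # The port is sent as two octets: high byte first, then low byte.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_rule(line, client_ip, server_ip):
    """Build one narrow ipfw rule for the announced data connection.

    Returns None for a PORT command that names a host other than the
    control connection's client (FTP bounce) or a port below 1024.
    Assumption: an "allow tcp ... established" rule already exists, so
    only the server's initial SYN needs a rule of its own.
    """
    parsed = parse_port(line)
    if parsed is None:
        return None
    ip, port = parsed
    if ip != client_ip or port < 1024:
        return None
    return f"ipfw add allow tcp from {server_ip} 20 to {ip} {port} setup"

# Constructed sample: client 192.0.2.10 talking to server 198.51.100.7.
SAMPLE = "PORT 192,0,2,10,195,80\r\n"   # 195*256 + 80 = port 50000

if __name__ == "__main__":
    print(data_rule(SAMPLE, "192.0.2.10", "198.51.100.7"))
```

A rule generated this way is only needed for the lifetime of one transfer and should be removed once the data connection closes.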