From owner-freebsd-questions@FreeBSD.ORG  Tue Apr 12 09:07:41 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id F3D5816A4CE
	for <freebsd-questions@freebsd.org>;
	Tue, 12 Apr 2005 09:07:40 +0000 (GMT)
Received: from mx2.mail.ru (mx2.mail.ru [194.67.23.122])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9C3DF43D49
	for <freebsd-questions@freebsd.org>;
	Tue, 12 Apr 2005 09:07:40 +0000 (GMT)
	(envelope-from infofarmer@mail.ru)
Received: from [83.237.195.182] (port=4245 helo=[172.17.0.69])
	by mx2.mail.ru with asmtp 
	id 1DLHMx-000Hbh-00; Tue, 12 Apr 2005 13:07:39 +0400
Message-ID: <425B8FDE.6030001@mail.ru>
Date: Tue, 12 Apr 2005 13:07:42 +0400
From: "Andrew P." <infofarmer@mail.ru>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: clem.twain@gmail.com
References: <425B7682.9020705@gmail.com>
	<001001c53f31$f946c7c0$0a01a8c0@ops.cenergynetworks.com>
	<425B8024.5060608@gmail.com>
In-Reply-To: <425B8024.5060608@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-questions@freebsd.org
cc: Chris Knipe <savage@savage.za.org>
Subject: Re: weird problem with ipfw and ftp
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: infofarmer@mail.ru
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Apr 2005 09:07:41 -0000

Clement Twine wrote:
> so, should the following work?
> 
>  >>     ipfw add 00010 allow tcp from any to 10.0.0.1 21
>  >>     ipfw add 00011 allow tcp from 10.0.0.1 21 to any
>  >>     ipfw add 00012 allow tcp from any to 10.0.0.1 20
>  >>     ipfw add 00013 allow tcp from 10.0.0.1 20 to any

This last ruleset will work ok. Here's mine:

# ftp server
ipfw add 331 allow tcp from 172.17.0.0/24 to 172.17.0.1 20
ipfw add 332 allow tcp from 172.17.0.1 20 to 172.17.0.0/24
ipfw add 333 allow tcp from 172.17.0.0/24 to 172.17.0.1 21
ipfw add 334 allow tcp from 172.17.0.1 21 to 172.17.0.0/24

Works for me :)

Best wishes,
Andrew P.