From: "Hervey Wilson"
To: "Paul Herman"
Cc: "Artem Koutchine"
Subject: Re: Allow rules for ipfw for active ftp
Date: Sun, 13 May 2001 08:16:39 -0700

From: "Paul Herman"
> On Sat, 12 May 2001, Hervey Wilson wrote:
>
> > Then I discovered that login.conf was setting
> > FTP_PASSIVE_MODE=YES. Removing this option so that the ftp client
> > on the firewall server used active connections made everything
> > work perfectly.
>
> Mostly yes, but this can be a problem if both sides have a firewall,
> which was why I needed to use punch_fw. The users needed to regularly
> FTP data from one customer who also was behind a firewall. Someone
> had to give.
>

My need is simpler - I found that without punch_fw I had to leave a range of
ports open on the firewall server for the return ftp connection. I wanted to
have things locked down a little more and punch_fw allows me to do that.