From: Ryan Thompson
Date: Sun, 30 Sep 2001 12:48:49 -0600 (CST)
To: Jim Freeze
Cc: questions@freebsd.org
Subject: Re: How to get FTP working for 4.4R
In-Reply-To: <20010930121047.A6127@rabbit.lxintn1.ky.home.com>
Organization: SaskNow Technologies [www.sasknow.com]

Jim Freeze wrote to Ryan Thompson:

> > > ${fwcmd} add pass tcp from any 20 to any 1024-65535 setup
> > > ${fwcmd} add pass log tcp from any to any 21 in via ${oif} setup
> > >
> > > These two lines come before the divert rule:
> > >
> > > ${fwcmd} add divert natd all from any to any via ${natd_interface}
> > Use ProFTPd and use the PassivePorts directive to specify an allowed range
> > of ports that it will send to the client in response to a PASV request.
> > (49152 - 65534 is the IANA-registered ephemeral port range). Then, just
> > open those ports up in your firewall. Much better than > 1023!
> >
> > Hope this helps,
>
> Thanks for your help. Currently I have the following rules before
> the divert rule to get ftp to work:
>
> ${fwcmd} add pass tcp from any 20 to ${oip} 1024-65535 setup
> ${fwcmd} add pass log tcp from any to ${oip} 21 in via ${oif} setup
>
> As you stated, this is probably not the best solution. So, I started
> to install ProFTPd, but I did not see how it worked without using
> anonymous ftp. I don't want to open any kind of anonymous ftp. Can
> ProFTPd do just user ftp?

Yes. ProFTPd can do user ftp only... Just disable or restrict the
directive in proftpd.conf.

> Thanks
>
> Jim
>

-- 
Ryan Thompson
Network Administrator, Accounts
SaskNow Technologies - http://www.sasknow.com
#106-380 3120 8th St E - Saskatoon, SK - S7H 0W2

Tel: 306-664-3600 Fax: 306-664-1161 Saskatoon
Toll-Free: 877-727-5669 (877-SASKNOW) North America
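Added example (not part of the thread, and not ProFTPd or FreeBSD project code): a small sh helper that reads the PassivePorts range from a proftpd.conf and prints ipfw rules in the thread's rc.firewall style, so the firewall opens exactly that range instead of 1024-65535. The sample config, the function names, and the "in via ${oif}" qualifier on the data rule are assumptions.

```shell
#!/bin/sh
# Added example: keep the ipfw passive-data rule in step with proftpd.conf.

# Constructed sample proftpd.conf content (not from the thread).
sample_conf() {
cat <<'EOF'
ServerName "example"
# PassivePorts 1024 65535
PassivePorts 49152 65534
EOF
}

# Read a proftpd.conf on stdin and print "min-max" taken from the first
# uncommented PassivePorts line. Returns 1 when the directive is missing,
# malformed, or reaches into the privileged ports below 1024.
passive_range() {
    set -- $(awk '$1 == "PassivePorts" { print $2, $3; exit }')
    [ $# -eq 2 ] || { echo "no usable PassivePorts directive" >&2; return 1; }
    case "$1$2" in
        *[!0-9]*) echo "non-numeric port in range" >&2; return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$2" -le 65535 ] && [ "$1" -le "$2" ] ||
        { echo "range out of bounds: $1 $2" >&2; return 1; }
    echo "$1-$2"
}

# Print the two rules to place before the divert rule: the control
# connection on port 21 (as in the thread) and the PASV data ports only.
# ${fwcmd}, ${oip} and ${oif} are left literal for rc.firewall to expand.
ftp_rules() {
    range=$(passive_range) || return 1
    printf '%s\n' '${fwcmd} add pass log tcp from any to ${oip} 21 in via ${oif} setup'
    printf '${fwcmd} add pass tcp from any to ${oip} %s in via ${oif} setup\n' "$range"
}

# Dry run against the constructed sample.
sample_conf | ftp_rules
```

Against a real server, feed it the live file instead of the sample, for example `ftp_rules < /usr/local/etc/proftpd.conf` (path is an assumption), and paste the output above the divert rule.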