From: Andrew Thomson
To: freebsd-questions@freebsd.org
Date: Tue, 17 Jun 2003 22:13:46 +1000
Message-ID: <20030617121346.GA80594@athomson.prv.au.itouchnet.net>
Subject: restrictive ipfw ruleset and ftp
List-Id: User questions

Any suggestions would be great.

I have a restrictive ipfw ruleset that works great. It only allows the incoming connections that I allow and the outgoing connections I allow. I have a list of ports that I let my users go out on: 80, 22, 143, 443 etc. etc., all the stuff they might need to do.

How can I handle passive FTP though? I can let 21 out, but when the remote FTP server says "use this high port x", I block that because it's not in my list.

So what can I do to get around this? Not totally familiar with it, but is this what fw_punch is for within nat??

Thanks, ajt.
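To make the problem in the post concrete, here is an added simulation (not code from the post, and not natd's or ipfw's code) of what happens to a passive FTP data connection behind a fixed outbound port list, and of what the control-channel-aware hole punching that natd(8) offers as its punch_fw option (the "fw_punch" the poster is thinking of) adds on top. The server parses the "227 Entering Passive Mode" reply, the static policy rejects the announced high port because it is not on the list, and the punching policy admits exactly that one client/server/port triple and nothing else. The allow-list is taken from the ports named in the post; the host addresses, the port 50000 and the two sanity checks (the hole may only point at the server that sent the reply, and never at a privileged port) are constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed egress allow-list in the spirit of the post: control ports only.
ALLOWED_OUT_PORTS = frozenset({21, 22, 80, 143, 443})

# RFC 959 passive reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)."
PASV_RE = re.compile(
    r"^227\b.*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply):
    """Return (host, port) announced in a 227 reply, or raise ValueError."""
    m = PASV_RE.match(reply.strip())
    if m is None:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("PASV field out of byte range: %r" % reply)
    h1, h2, h3, h4, p1, p2 = nums
    port = p1 * 256 + p2
    if port == 0:
        raise ValueError("PASV port 0 is invalid")
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), port


def pasv_port_or_none(reply):
    """Convenience wrapper: the announced port, or None if the reply is malformed."""
    try:
        return parse_pasv(reply)[1]
    except ValueError:
        return None


def static_policy_allows(dst_port):
    """The fixed outbound list from the post: pass only if the port is listed.
    This is why the data connection to the announced high port is dropped."""
    return dst_port in ALLOWED_OUT_PORTS


@dataclass
class PunchingPolicy:
    """Static allow-list plus temporary per-flow holes opened from what is seen
    on the FTP control channel.  A simulation of the idea behind natd's
    punch_fw option, written for this example; not natd's implementation."""
    allowed_ports: frozenset
    holes: set = field(default_factory=set)  # (client, server, port) triples

    def observe_control_reply(self, client, server, reply):
        """Process a 227 reply seen on the client->server control connection.
        Returns the port a hole was opened for, or None if none was opened."""
        host, port = parse_pasv(reply)
        # Only trust a passive address that matches the server we are already
        # talking to; a reply naming some other host must not punch a hole there.
        if host != server:
            return None
        # Passive data ports are ephemeral; refuse to open a privileged port.
        if port < 1024:
            return None
        self.holes.add((client, host, port))
        return port

    def allows(self, client, server, dst_port):
        """Static list first, then only the exact hole punched for this flow."""
        return dst_port in self.allowed_ports or (client, server, dst_port) in self.holes

    def close_hole(self, client, server, dst_port):
        """Remove the hole once the data connection is finished."""
        self.holes.discard((client, server, dst_port))
```

The two checks in observe_control_reply are the part worth keeping whichever component actually does the punching: a hole should be scoped to the client, the server that sent the reply and the one port it announced, and it should go away when the transfer ends, so the restrictive list stays restrictive for everything else.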