Date: Mon, 13 May 2002 15:57:04 +0200
From: Nelis Lamprecht <nelis@brabys.co.za>
To: freebsd-questions@freebsd.org
Subject: Re: ipfw problems
Message-ID: <5.1.0.14.2.20020513155418.01269d30@192.96.48.11>
In-Reply-To: <3CDFC545.1040906@potentialtech.com>
References: <5.1.0.14.2.20020513152557.01269d30@192.96.48.11>

my ruleset looks something like this:

add 00301 check-state
add 00302 allow tcp from any to any established
add 00303 allow tcp from any to any out setup keep-state
add 00304 allow tcp from any to $myip 20,21 setup

is that correct? I can still ftp to my own server but not from ports collection.

At 03:53 PM 2002/05/13 Monday, you wrote:
>Nelis Lamprecht wrote:
>>Hi
>>In my ipfw ruleset I have got everything set to "allow tcp from any to
>>$myip $myports setup". Would the 'setup - TCP packets only. Match
>>packets that have the SYN bit set but no ACK bit.' deny me from ftp to
>>certain servers ?
>
>Do you also have "pass tcp from any to any established" somewhere in
>your ruleset? The "setup" one matches initial packets, if you don't
>have an "established" rule, subsequent packets will be denied.
>
>>Even with ports 20, 21 set to open when I enable my firewall it won't
>>allow me to download anything through the ports collection.
>
>You have to do the ftp in passive mode, _after_ your rules are set up
>correctly.
>If you're still having trouble, post your _entire_ ruleset to the list,
>your brief description of it isn't good enough for anyone to understand
>the interaction of rules in your ruleset.
>
>--
>Bill Moran
>Potential Technology
>http://www.potentialtech.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
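
Added example, not part of the original message or of ipfw itself: a simplified first-match model of the four rules quoted above, run against the opening packets of an active-mode and a passive-mode FTP download. The addresses, ports and packets are constructed, and a closing default-deny rule (65535) is assumed.

```python
# Simplified first-match model of rules 301-304 from the message.
# Assumptions: default rule 65535 is deny; MYIP, SERVER and every packet
# below are constructed sample values, not taken from the thread.
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport direction flags")

MYIP = "192.0.2.10"       # constructed stand-in for $myip
SERVER = "198.51.100.5"   # constructed remote FTP server


def evaluate(pkt, state):
    """Return (rule_number, action); state is the set of keep-state flows."""
    flow = frozenset([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])
    syn_only = "S" in pkt.flags and "A" not in pkt.flags   # ipfw "setup"
    if flow in state:                                      # 301 check-state
        return 301, "allow"
    if "A" in pkt.flags or "R" in pkt.flags:               # 302 established
        return 302, "allow"
    if pkt.direction == "out" and syn_only:                # 303 out setup keep-state
        state.add(flow)                                    # remember both directions
        return 303, "allow"
    if syn_only and pkt.dst == MYIP and pkt.dport in (20, 21):  # 304
        return 304, "allow"
    return 65535, "deny"                                   # assumed default deny


def ftp_fetch(mode):
    """Evaluate the first packets of an FTP download in the given mode."""
    state = set()
    pkts = [
        Pkt(MYIP, 40000, SERVER, 21, "out", "S"),    # control connection SYN
        Pkt(SERVER, 21, MYIP, 40000, "in", "SA"),    # server's SYN+ACK
    ]
    if mode == "active":
        # Server opens the data connection from port 20 to a client port.
        pkts.append(Pkt(SERVER, 20, MYIP, 40001, "in", "S"))
    else:
        # Passive: client opens the data connection to a server-chosen port.
        pkts.append(Pkt(MYIP, 40001, SERVER, 50000, "out", "S"))
    return [evaluate(p, state) for p in pkts]


if __name__ == "__main__":
    for mode in ("active", "passive"):
        print(mode, ftp_fetch(mode))
```

In this model the active-mode data SYN arrives inbound on a high client port, so it matches none of rules 301-304, while the passive-mode data SYN is outbound and is accepted by rule 303.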