Date:      Mon, 26 Nov 2001 18:51:24 +0200
From:      Ruslan Ermilov <ru@FreeBSD.ORG>
To:        Danny Carroll <dannycarroll@hotmail.com>
Cc:        security@FreeBSD.ORG
Subject:   Re: IPFW, natd and an internal FTP server.
Message-ID:  <20011126185124.A27588@sunbay.com>
In-Reply-To: <LAW2-F68hvpFaeZPHNu00019f0c@hotmail.com>
References:  <LAW2-F68hvpFaeZPHNu00019f0c@hotmail.com>

On Mon, Nov 26, 2001 at 03:32:05PM +0000, Danny Carroll wrote:
> Hello,
> 
> I know this question has been covered before in many different ways, but I 
> can't seem to find the solution I am looking for.
> 
> Here is my situation.
> 
> machine guard is the firewall / natd server on a dedicated internet line.
> machine app is the web/ftp server let's say it runs win2k.  This machine is 
> on an internal (192.168) network and the firewall's natd diverts web/ftp 
> stuff almost brilliantly.
> 
> The firewall works fine for active FTP (server initiated data connections).
> 
> If I configure my FTP server to use passive ports in a limited range and 
> allow those ports specifically then all is well.
> 
> But I want to be a little more secure.  So I tried using punch_fw to add the
> rules dynamically.  I figured if it works for active clients, it must work
> for passive servers?
> 
Yes.

> Am I wrong in this assumption or have I screwed something up?
> 
So, you tried it and it did not work?  What's the FreeBSD version?

> Also, will I see the rules inserted into the ipfw list or are they hidden 
> for some reason?
> 
Yes.


Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
