Date: Fri, 16 Nov 2001 19:25:13 +1100
From: "Chris Knight" <chris@aims.com.au>
To: <freebsd-ipfw@freebsd.org>
Subject: Stateful Rules and FTP
Message-ID: <00bb01c16e78$37d102a0$020aa8c0@aims.private>
Howdy,

I'm running 4.4-stable on a box with 3 interfaces: ed0, ed1 and ed2. ed0 is the external interface. ed1 is the DMZ interface. ed2 is the internal interface.

I want a select group of machines in the DMZ to be able to FTP, and only FTP, to a machine on the internal network to retrieve an installation image and packages.

I've found the only way I can get passive FTP going is with the following rule:

    add pass tcp from <dmz subnet> to <internal ip> keep-state in recv ed1 setup

But this then allows access to other services on the internal machine :-(

Adding port 21 to the destination only allows FTP control connections and not FTP data connections. It's starting to drive me batty.

Ideally, I'd like to be able to specify in the ruleset that the data has to traverse both ed1 and ed2. Lack of sleep doesn't help either.

Can anyone help me out?

Regards,
Chris Knight
Systems Administrator
AIMS Independent Computer Professionals
Tel: +61 3 6334 6664
Fax: +61 3 6331 7032
Mob: +61 419 528 795
Web: http://www.aims.com.au

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
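The three behaviours the post describes (the wide keep-state rule letting everything through, the port-21 rule blocking the passive data connection, and what a rule limited to 21 plus the server's passive range would do) can be reproduced with a small model of ipfw's stateful matching. This is an added illustration, not ipfw code and not part of the original message: the addresses, the interface names beyond ed1/ed2, and the passive port range 50000-50100 are all constructed, and the last ruleset assumes the internal FTP server is configured to hand out passive ports only from that range.

```python
"""Toy model of ipfw stateful rule matching (added example, not ipfw itself).

Models just enough of ipfw to show why a keep-state rule with no destination
port lets every TCP service through, why restricting it to port 21 breaks the
passive data connection, and how a rule limited to 21 plus a known passive
port range admits FTP and nothing else.
"""
from dataclasses import dataclass
from typing import Optional, Set


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    sport: int
    dport: int
    syn_only: bool      # bare SYN, which is what ipfw's "setup" matches
    recv_if: str


@dataclass
class Rule:
    action: str                 # "pass" or "deny"
    proto: str
    src_net: str                # constructed: dotted-quad prefix, e.g. "192.168.2."
    dst_ip: str
    dports: Optional[Set[int]]  # None means any destination port
    setup: bool                 # "setup": match only connection-opening SYNs
    keep_state: bool            # "keep-state": create a dynamic rule for the flow
    recv_if: Optional[str]      # "in recv <if>": match only on this interface


class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.dynamic = set()    # flows that have a dynamic (stateful) rule

    @staticmethod
    def _flow(p):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse(p):
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    @staticmethod
    def _matches(r, p):
        return (r.proto == p.proto
                and p.src.startswith(r.src_net)
                and p.dst == r.dst_ip
                and (r.dports is None or p.dport in r.dports)
                and (not r.setup or p.syn_only)
                and (r.recv_if is None or p.recv_if == r.recv_if))

    def check(self, p):
        # Implicit check-state: packets of an established flow pass both ways.
        if self._flow(p) in self.dynamic or self._reverse(p) in self.dynamic:
            return "pass"
        for r in self.rules:
            if self._matches(r, p):
                if r.keep_state and r.action == "pass":
                    self.dynamic.add(self._flow(p))
                return r.action
        return "deny"   # default deny, as with a closed ipfw ruleset


# Constructed addressing: DMZ is 192.168.2.0/24, internal FTP server is .1.10.
DMZ = "192.168.2."
INTERNAL = "192.168.1.10"
DMZ_HOST = "192.168.2.5"
PASSIVE = set(range(50000, 50101))  # assumed passive range configured on the server

# The rule exactly as posted: any TCP port on the internal host.
AS_POSTED = [Rule("pass", "tcp", DMZ, INTERNAL, None, True, True, "ed1")]
# The same rule with "21" added as destination port.
PORT_21_ONLY = [Rule("pass", "tcp", DMZ, INTERNAL, {21}, True, True, "ed1")]
# Control port plus the server's passive data range, nothing else.
WITH_PASSIVE_RANGE = [Rule("pass", "tcp", DMZ, INTERNAL, {21} | PASSIVE, True, True, "ed1")]


def syn(dport, recv="ed1"):
    """A connection-opening SYN from the DMZ host to the internal host."""
    return Packet("tcp", DMZ_HOST, INTERNAL, 40000, dport, True, recv)


def run_scenario(rules):
    """Drive one ruleset through an FTP session plus an unrelated SSH attempt."""
    fw = Firewall(rules)
    return {
        "ftp-control": fw.check(syn(21)),
        # server's SYN/ACK back to the DMZ host, seen on the internal interface
        "control-reply": fw.check(Packet("tcp", INTERNAL, DMZ_HOST, 21, 40000, False, "ed2")),
        "passive-data": fw.check(syn(50042)),   # client opens the PASV data port
        "ssh": fw.check(syn(22)),               # something that should stay closed
    }


if __name__ == "__main__":
    for name, rules in [("as posted", AS_POSTED), ("port 21 only", PORT_21_ONLY),
                        ("21 + passive range", WITH_PASSIVE_RANGE)]:
        print(f"{name:20s} {run_scenario(rules)}")
```

Running it shows the posted rule passing the SSH SYN along with FTP, the port-21 rule denying the passive data SYN while the control connection and its reply still pass, and the third ruleset admitting only the control connection and the data range. The model ignores real ipfw details such as dynamic rule lifetimes and the ordering of an explicit check-state rule; its point is only which SYNs the static rule admits.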