Date: Wed, 20 Dec 2000 14:06:34 +0100 (CET)
From: Peter Ross <petros@pps.de>
To: freebsd-security@FreeBSD.ORG
Subject: Re: FTP and firewall
Message-ID: <200012201306.OAA00816@pps.de>
In-Reply-To: <200012191138.MAA26842@jung9.pps.de> from Peter Ross at "Dec 19, 2000 12:38:58 pm"
Hello,

I'm listening here and hope for answers. Sorry for my English. My girlfriend made some remarks.

I found these mails discussing the same problem:
( http://docs.freebsd.org/mail/archive/2000/freebsd-security/20000402.freebsd-security.html )

Paul Hart <hart@iserver.com> wrote:
> On Wed, 29 Mar 2000, Alan Batie wrote:
>
> > To do active mode ftp properly, ipfw would need to parse the contents
> > of the packets on the ftp control channel and dynamically allow the
> > corresponding incoming connection. There's no indication that this
> > parsing capability is present.
>
> I know we're talking about IPFW here, but hasn't IP Filter (also included
> with FreeBSD) been supporting this very operation for quite a while now?

I checked the man page again but I can't see it.

And Fernando Schapachnik <fpscha@ns1.via-net-works.net.ar> wrote:
> What I have done is to configure FTPd to use ports between 40000 and
> 44999 (wu-ftpd allows it to be done easily; don't know others) and then:
> allow tcp from any to my_ip 40000-44999 in setup
> It's not the best, but still better than nothing.

But what's the best?

Peter Ross
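The control-channel parsing discussed in the quoted mails, as an added example that is not part of the original thread and not ipfw or IP Filter code: it reads the PORT command (active mode) or the 227 reply (passive mode) and derives the one data connection a filter would need to allow. The function names, the sample addresses and the checks against the control-channel peer address and against the 40000-44999 range are assumptions made for illustration.

```python
import re

# Passive port range from the wu-ftpd setup quoted above.
PASV_RANGE = range(40000, 45000)
_TUPLE = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


def parse_endpoint(line):
    """Return (ip, port) from a 'PORT h1,h2,h3,h4,p1,p2' command or a
    '227 ... (h1,h2,h3,h4,p1,p2)' reply, or None for any other line."""
    line = line.strip()
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = _TUPLE.search(line)
    if m is None:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def data_rule(line, client_ip, server_ip):
    """Return the single data connection to allow for this line, or None."""
    line = line.strip()
    ep = parse_endpoint(line)
    if ep is None:
        return None
    ip, port = ep
    if line.upper().startswith("PORT "):
        # Active mode: the server connects back to the client. Refuse an
        # address other than the control-channel peer, and privileged ports.
        if ip != client_ip or port < 1024:
            return None
        return {"src": server_ip, "dst": ip, "dport": port}
    # Passive mode: the client connects to the port the server announced.
    if ip != server_ip or port not in PASV_RANGE:
        return None
    return {"src": client_ip, "dst": ip, "dport": port}


if __name__ == "__main__":
    # Constructed control-channel lines (documentation addresses).
    client, server = "198.51.100.7", "192.0.2.10"
    for sample in ("PORT 198,51,100,7,195,80",
                   "PORT 203,0,113,9,195,80",
                   "227 Entering Passive Mode (192,0,2,10,156,64)"):
        print(sample, "->", data_rule(sample, client, server))
```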