Date: Sat, 12 May 2001 18:18:59 +0200 (CEST) From: Paul Herman <pherman@frenchfries.net> To: Artem Koutchine <matrix@ipform.ru> Cc: Mike Meyer <mwm@mired.org>, <questions@FreeBSD.ORG> Subject: Re: Allow rules for ipfw for active ftp Message-ID: <Pine.BSF.4.33.0105121810530.11676-100000@husten.security.at12.de> In-Reply-To: <006001c0daeb$a7ed7260$0c00a8c0@ipform.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 12 May 2001, Artem Koutchine wrote: > > I've used the '-punch_fw' option to natd(8) with relatively good > > results. > > The client is behind the firewall. The server is open wide. Server > want to connect from arbitrary port to clients arbitrary port. > There is no way firewall could know that this connection is > related to the already established ftp command connection. So, how > does -punch_fw help? That's exactly what it does. When "natd -punch_fw" is running on the client's firewall, it sees the FTP "PORT" commands and dynamically inserts a rule into the firewall which allows the server to connect to the client. I set this up once because I was running check-state rules, which of course would allow passive mode, but the users wanted active mode as well. -Paul. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.33.0105121810530.11676-100000>