Date: Thu, 9 Nov 2000 09:48:35 +0100 (CET) From: bkoester <koester@x-itec.de> To: freebsd-questions@FreeBSD.ORG Subject: IPFW + FTP Problem Message-ID: <200011090848.eA98mZR80203@localhost.localdom>
next in thread | raw e-mail | index | archive | help
Hello there -)
I have a little problem with my ipfw script. I have opened several
ports like 20, 21, 80, 25, 109, 110, 53 and i can surf, get my
e-mails.
If i want to do FTP, i can connect to these ftp servers, but i can not
list their contents. Port 20+21 are opened, but this seems not to work
correctly, i am sure i forgot something. Passive mode with my ftp
clients seems not to work, too. The connection hangs somewhere and
will be blocked.
I am not a security paranoia person, but FreeBSD works as a nat
router, mailserver (sendmail) and so on for my windows box. On my
windows box there are many bogus apps who want to try to establish
connections on ports they not should use so i only open ports as
really needed for my requirements.
Here is a snipset of my current configuration (not perfect i know sorry)
isp="isp0"
lan="ed1";
netz="192.168.0.0/24";
ipfw -f flush
natd -interface isp0
ipfw add divert natd all from any to any via isp0
#Rest
ipfw add deny tcp from any to any in via isp0 setup
ipfw add pass tcp from any to any via isp0 established
ipfw add deny all from ${netz} to any in via isp0
ipfw add deny all from 127.0.0.1 to any in via isp0
#Standarddienste
ipfw add pass tcp from any to any 20,21,23,80,25,109,110,4751
ipfw add pass tcp from any 20,21,23,80,25,109,110,4751 to any
ipfw add pass icmp from any to any
ipfw add pass udp from any to any
--
Best regards,
Boris
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200011090848.eA98mZR80203>