Date: Thu, 9 Nov 2000 09:48:35 +0100 (CET)
From: bkoester <koester@x-itec.de>
To: freebsd-questions@FreeBSD.ORG
Subject: IPFW + FTP Problem
Message-ID: <200011090848.eA98mZR80203@localhost.localdom>

Hello there -)

I have a little problem with my ipfw script. I have opened several ports like 20, 21, 80, 25, 109, 110, 53 and I can surf and get my e-mails. If I want to do FTP, I can connect to these FTP servers, but I cannot list their contents. Ports 20+21 are opened, but this seems not to work correctly; I am sure I forgot something. Passive mode with my FTP clients seems not to work, too. The connection hangs somewhere and will be blocked.

I am not a security paranoia person, but FreeBSD works as a NAT router, mailserver (sendmail) and so on for my Windows box. On my Windows box there are many bogus apps that want to try to establish connections on ports they should not use, so I only open ports as really needed for my requirements.

Here is a snippet of my current configuration (not perfect, I know, sorry):

isp="isp0"
lan="ed1";
netz="192.168.0.0/24";

ipfw -f flush
natd -interface isp0
ipfw add divert natd all from any to any via isp0

#Rest
ipfw add deny tcp from any to any in via isp0 setup
ipfw add pass tcp from any to any via isp0 established
ipfw add deny all from ${netz} to any in via isp0
ipfw add deny all from 127.0.0.1 to any in via isp0

#Standard services
ipfw add pass tcp from any to any 20,21,23,80,25,109,110,4751
ipfw add pass tcp from any 20,21,23,80,25,109,110,4751 to any
ipfw add pass icmp from any to any
ipfw add pass udp from any to any

--
Best regards, Boris
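
The TCP rules posted above, evaluated first-match against the packets an FTP session produces, as an added example that is not part of the original message. It assumes ipfw's automatic rule numbering in steps of 100 and a default rule 65535 of deny; the sample packets, their addresses and their high ports are constructed.

```python
# Added illustration: first-match evaluation of the TCP rules from the message.
# Assumptions: rules auto-numbered 100, 200, ...; default rule 65535 is deny.
# Rule 100 (divert to natd) is left out: it rewrites addresses and evaluation
# then continues at the next rule, so it never decides pass or deny itself.
from ipaddress import ip_address, ip_network

PORTS = {20, 21, 23, 80, 25, 109, 110, 4751}
LAN = ip_network("192.168.0.0/24")

def in_isp0(p):
    """True for a packet received on the external interface ("in via isp0")."""
    return p["dir"] == "in" and p["if"] == "isp0"

# (rule number, action, match function); "syn" = setup, "ack" = established
RULES = [
    (200, "deny", lambda p: in_isp0(p) and p["flags"] == "syn"),
    (300, "pass", lambda p: p["if"] == "isp0" and p["flags"] == "ack"),
    (400, "deny", lambda p: in_isp0(p) and ip_address(p["src"]) in LAN),
    (500, "deny", lambda p: in_isp0(p) and p["src"] == "127.0.0.1"),
    (600, "pass", lambda p: p["dport"] in PORTS),
    (700, "pass", lambda p: p["sport"] in PORTS),
]

def evaluate(pkt):
    """Return (rule number, action) of the first rule that matches pkt."""
    for number, action, match in RULES:
        if match(pkt):
            return number, action
    return 65535, "deny"  # assumed default rule

def pkt(direction, sport, dport, flags, src):
    return {"dir": direction, "if": "isp0", "src": src,
            "sport": sport, "dport": dport, "flags": flags}

# Constructed packets; 203.0.113.5 stands for the NAT address, 198.51.100.7
# for an FTP server (both are documentation addresses).
SAMPLES = {
    "control SYN to server port 21": pkt("out", 40000, 21, "syn", "203.0.113.5"),
    "active data SYN from server port 20": pkt("in", 20, 40001, "syn", "198.51.100.7"),
    "passive data SYN to server high port": pkt("out", 40002, 50000, "syn", "203.0.113.5"),
    "reply on the control connection": pkt("in", 21, 40000, "ack", "198.51.100.7"),
}

def report():
    """Map each sample packet to the (rule number, action) that decides it."""
    return {name: evaluate(p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (number, action) in report().items():
        print(f"{name:38} -> rule {number:5} {action}")
```

In this model the active-mode data connection stops at the inbound `setup` deny and the passive-mode one matches no pass rule, while the control connection passes, which is consistent with connecting but not being able to list.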