Date:      Fri, 3 Jan 1997 01:34:55 -0800 (PST)
From:      Jaye Mathisen  <mrcpu@cdsnet.net>
To:        hackers@freebsd.org
Subject:   Stupid ipfw question.
Message-ID:  <Pine.NEB.3.95.970103012006.14712T-100000@mail.cdsnet.net>



Why don't the following two rules allow any type of outbound TCP
connection?

    /sbin/ipfw add pass tcp from ${ip} to any setup
    /sbin/ipfw add pass tcp from any to any established


Basically my FTPs are failing, but work fine in passive mode.

I must be missing something obvious with the PORT commands, most likely it
being that the port command is from the remote host to my host, but since
I don't know what port it will be, I have to leave a bunch of them open,
which seems to be a problematic issue for firewalling.

However, I'm using squid, and it doesn't seem to support PASV ftp
retrievals, so I'm not sure what the safest thing to do is.

ftpget (part of squid) does support a "range" notation for data, but I
don't think there's a range argument to ipfw.  Nor have I seen a range
argument that can be passed to the remote FTP server.

So what's the right thing to do here?

Accept TCP connections above 1023?  Seems fraught with peril...

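The failure described in the message, worked through as an added example (this is illustrative code written for this page, not part of the thread and not ipfw itself): a minimal stateless matcher with ipfw's `setup` (SYN set, ACK clear) and `established` (ACK set) semantics is run over the packets of a constructed FTP session. The addresses, ports and the hypothetical third rule are assumptions made for the example. It shows why the two posted rules pass passive-mode data connections but drop active-mode ones, and what the "accept TCP connections above 1023" rule the poster is wary of would admit, since any remote host can pick source port 20.

```python
# Added illustration (not from the thread): a stateless model of the two ipfw
# rules in the message, used to show why active-mode FTP data connections fail
# while passive-mode ones succeed, and what opening "ports above 1023" to a
# source port of 20 actually lets through. Addresses are constructed examples.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

MY_IP = "192.0.2.10"         # ${ip} in the message (constructed)
FTP_SERVER = "198.51.100.5"  # remote FTP server (constructed)
ATTACKER = "203.0.113.7"     # arbitrary remote host (constructed)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool
    ack: bool


@dataclass(frozen=True)
class Rule:
    action: str                        # "pass" or "deny"
    src: str                           # host or "any"
    sports: Optional[Tuple[int, int]]  # inclusive port range, None means any
    dst: str
    dports: Optional[Tuple[int, int]]
    flag: Optional[str]                # "setup", "established" or None


def _host_ok(pattern: str, host: str) -> bool:
    return pattern == "any" or pattern == host


def _port_ok(rng: Optional[Tuple[int, int]], port: int) -> bool:
    return rng is None or rng[0] <= port <= rng[1]


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """ipfw semantics: 'setup' matches SYN set and ACK clear (the first packet
    of a connection); 'established' matches packets with ACK (or RST) set.
    RST is left out of this simplified model."""
    if not (_host_ok(rule.src, pkt.src) and _host_ok(rule.dst, pkt.dst)):
        return False
    if not (_port_ok(rule.sports, pkt.sport) and _port_ok(rule.dports, pkt.dport)):
        return False
    if rule.flag == "setup":
        return pkt.syn and not pkt.ack
    if rule.flag == "established":
        return pkt.ack
    return True


def verdict(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; ipfw's implicit final rule denies everything."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


# The two rules from the message:
#   ipfw add pass tcp from ${ip} to any setup
#   ipfw add pass tcp from any to any established
RULES = [
    Rule("pass", MY_IP, None, "any", None, "setup"),
    Rule("pass", "any", None, "any", None, "established"),
]

# Hypothetical third rule implied by "accept TCP connections above 1023" for
# active FTP (ipfw writes a port range as lo-hi, e.g. 1024-65535):
#   ipfw add pass tcp from any 20 to ${ip} 1024-65535 setup
ACTIVE_FTP_RULES = [Rule("pass", "any", (20, 20), MY_IP, (1024, 65535), "setup")] + RULES

# Constructed packets for each step of an FTP session.
CONTROL_SYN = Packet(MY_IP, 40001, FTP_SERVER, 21, syn=True, ack=False)
CONTROL_SYNACK = Packet(FTP_SERVER, 21, MY_IP, 40001, syn=True, ack=True)
PASSIVE_DATA_SYN = Packet(MY_IP, 40002, FTP_SERVER, 51000, syn=True, ack=False)
ACTIVE_DATA_SYN = Packet(FTP_SERVER, 20, MY_IP, 40003, syn=True, ack=False)
# Any remote host can choose source port 20; this one aims at a local high port.
SPOOFED_SRC20_SYN = Packet(ATTACKER, 20, MY_IP, 6000, syn=True, ack=False)


def ftp_verdicts(rules: List[Rule]) -> Dict[str, str]:
    """Verdict for each constructed packet under the given rule set."""
    return {
        "control_syn": verdict(rules, CONTROL_SYN),
        "control_synack": verdict(rules, CONTROL_SYNACK),
        "passive_data": verdict(rules, PASSIVE_DATA_SYN),
        "active_data": verdict(rules, ACTIVE_DATA_SYN),
        "src20_to_high_port": verdict(rules, SPOOFED_SRC20_SYN),
    }


if __name__ == "__main__":
    for name, rules in (("two rules", RULES), ("plus port-20 rule", ACTIVE_FTP_RULES)):
        print(name, ftp_verdicts(rules))
```

Under the two posted rules the active-mode data SYN arrives from the server's port 20 with ACK clear, so it matches neither `setup` (wrong source host) nor `established` (no ACK) and falls through to the default deny; the passive-mode SYN leaves from ${ip} and matches `setup`. Adding the port-20 rule makes active FTP work, but the same rule passes the constructed SYN from an unrelated host to local port 6000, which is the peril the poster suspects: a stateless filter cannot tell a legitimate FTP data connection from any packet that merely claims source port 20.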