Date: Thu, 22 Mar 2001 05:11:16 -0500
From: Daniel Hagan <dhagan@colltech.com>
To: "Patrick O'Reilly" <patrick@mip.co.za>
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: freebsd 4.2 ipfw natd
Message-ID: <3AB9CFC4.11018F6E@colltech.com>
References: <NDBBIMKICMDGDMNOOCAIMEOPCEAA.patrick@mip.co.za>

Patrick O'Reilly wrote:

> ------------------
> # FTP - Allow access from our LAN to External FTP servers
> ${fwcmd} add pass tcp from any to any 21 setup
> ${fwcmd} add pass tcp from any 20 to any 1024-65535 setup

This would make the firewall transparent to ftp sessions in _both_
directions, not just from your lan out.

> # FTP - Allow access from the net to our FTP server
> ${fwcmd} add pass tcp from any to x.x.x.x 21 setup
> ${fwcmd} add pass tcp from x.x.x.x 20 to any 1024-65535 setup

FTP is a crappy protocol to packet filter. I'm not familiar with the
issues involved, but I believe proxy servers located in a DMZ (or
integrated into the firewall) are a much better solution than packet
filters. Sorry I can't give you a more detailed explanation.

Daniel

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
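
An added illustration of the point about direction, not part of the original message: a small Python model of how the first two quoted rules match constructed connection-opening TCP packets, next to a hypothetical variant that names the LAN on one side. The LAN range 192.168.1.0/24, the sample addresses and the scoped variant are assumptions, and the model ignores natd address rewriting and rule ordering around the divert rule.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumed LAN range; the post does not give one
ANY = ip_network("0.0.0.0/0")

# Rule fields: (src net, src ports, dst net, dst ports); None = any port.
# Both rules carry "setup", so they only match an opening SYN (no ACK).
QUOTED = [
    (ANY, None, ANY, (21, 21)),           # pass tcp from any to any 21 setup
    (ANY, (20, 20), ANY, (1024, 65535)),  # pass tcp from any 20 to any 1024-65535 setup
]
# Hypothetical variant: the same rules with the LAN named on one side.
SCOPED = [
    (LAN, None, ANY, (21, 21)),           # pass tcp from LAN to any 21 setup
    (ANY, (20, 20), LAN, (1024, 65535)),  # pass tcp from any 20 to LAN 1024-65535 setup
]

def in_range(port, rng):
    return rng is None or rng[0] <= port <= rng[1]

def passes(rules, src, sport, dst, dport, syn_only=True):
    """True if any of the (all 'pass') rules matches this TCP packet."""
    if not syn_only:  # "setup" does not match non-SYN or SYN+ACK packets
        return False
    return any(
        ip_address(src) in s and in_range(sport, sp)
        and ip_address(dst) in d and in_range(dport, dp)
        for s, sp, d, dp in rules
    )

# Constructed opening packets: (label, src, sport, dst, dport)
SAMPLES = [
    ("LAN client -> outside FTP control", "192.168.1.10", 40000, "203.0.113.5", 21),
    ("outside -> LAN host port 21", "203.0.113.5", 40000, "192.168.1.10", 21),
    ("outside FTP data (20) -> LAN client", "203.0.113.5", 20, "192.168.1.10", 40001),
    ("LAN port 20 -> outside high port", "192.168.1.10", 20, "203.0.113.5", 40001),
]

def audit(rules):
    """Map each sample label to whether the rule set passes it."""
    return {label: passes(rules, s, sp, d, dp) for label, s, sp, d, dp in SAMPLES}

if __name__ == "__main__":
    for name, rules in (("quoted", QUOTED), ("scoped", SCOPED)):
        for label, ok in audit(rules).items():
            print(f"{name:7} {'pass' if ok else 'no match':9} {label}")
```

With `from any to any`, all four samples match; with the LAN named, only the outbound control connection and the returning active-mode data connection do.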