From owner-freebsd-questions@FreeBSD.ORG  Sun Nov  7 14:27:03 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id AA03716A4CE
	for <freebsd-questions@freebsd.org>;
	Sun,  7 Nov 2004 14:27:03 +0000 (GMT)
Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.198])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5558743D2F
	for <freebsd-questions@freebsd.org>;
	Sun,  7 Nov 2004 14:27:03 +0000 (GMT)
	(envelope-from fenomenoxp2@gmail.com)
Received: by wproxy.gmail.com with SMTP id 65so113938wri
	for <freebsd-questions@freebsd.org>;
	Sun, 07 Nov 2004 06:27:03 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
	s=beta; d=gmail.com;
	h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references;
	b=GGYn+VWNRhbXvQorTQEx20/Ni3D/vjJHXHYDAytWvUYV1aMDUnonE7eF6sGoz+VcoxVeI//twhr6yksRCKaY1cNAJwP/pCO3R2e1YIbbsisDHig782Jn3V+k4Mj8So6R35TYaQ742GGy+SAlxgaFsDsEL+fN6rMmcbaU7fnWxzs=
Received: by 10.54.21.71 with SMTP id 71mr139766wru;
        Sun, 07 Nov 2004 06:27:02 -0800 (PST)
Received: by 10.54.46.50 with HTTP; Sun, 7 Nov 2004 06:27:02 -0800 (PST)
Message-ID: <dd9992320411070627724caa62@mail.gmail.com>
Date: Sun, 7 Nov 2004 15:27:02 +0100
From: Emil Khatib <fenomenoxp2@gmail.com>
To: freebsd-questions@freebsd.org
In-Reply-To: <20041107142216.GY81757@saturn.pcs.ms>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
References: <dd9992320411070554a186ae9@mail.gmail.com>
	 <20041107140217.1749C43D5A@mx1.FreeBSD.org>
	 <20041107142216.GY81757@saturn.pcs.ms>
Subject: Re: FTP access with ipfw
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Emil Khatib <fenomenoxp2@gmail.com>
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Nov 2004 14:27:03 -0000

ipfw add allow tcp from any to any 1024-65000 keep-state
is it secure to open those ports?

On Sun, 7 Nov 2004 15:22:16 +0100, Martin Schweizer
<pcservi@spectraweb.ch> wrote:
> Hello
>=20
> I had a long time to figure out the rules for ipfw (with and without nat,=
 no
> different for me). Attached I send you the part of rc.firewall that is fo=
r ftp:
>=20
> ipfw -f flush
> ipfw add check-state
>=20
> [snip]
>=20
> # FTP
> ipfw add allow tcp from any to any 20
> ipfw add allow tcp from any to any 21
> ipfw add allow tcp from any to any 1024-65000 keep-state
>=20
> [snip ]
>=20
> Am Sun, Nov 07, 2004 at 09:02:10AM -0500 Ara schrieb:
> > This mail is probably spam.  The original message has been attached
> > along with this report, so you can recognize or block similar unwanted
> > mail in future.  See http://spamassassin.org/tag/ for more details.
> >
> > Content preview:  Hello Are you connecting directly to internet or via
> >   nat? In that case you may have to enable passive mode on your ftp
> >   client
> >=20
> > Content analysis details:   (3.60 points, 3 required)
> > IN_REP_TO          (-0.5 points) Has a In-Reply-To header
> > FORGED_MUA_OUTLOOK (3.5 points)  Forged mail pretending to be from MS O=
utlook
> > MISSING_OUTLOOK_NAME (0.6 points)  Message looks like Outlook, but isn'=
t
> >
> >
>=20
> Content-Description: original message before SpamAssassin
> > From: "Ara" <ara@avvali.com>
> > To: <freebsd-questions@freebsd.org>
> > Date: Sun, 7 Nov 2004 09:02:10 -0500
> > X-Mailer: Microsoft Office Outlook, Build 11.0.6353
> > Subject: RE: FTP access with ipfw
>=20
>=20
> >
> >
> > Hello
> > Are you connecting directly to internet or via nat? In that case you ma=
y
> > have to enable passive mode on your ftp client
> >
> > -----Original Message-----
> > From: owner-freebsd-questions@freebsd.org
> > [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Emil Khatib
> > Sent: November 7, 2004 8:54 AM
> > To: freebsd-questions@freebsd.org
> > Subject: FTP access with ipfw
> >
> > Hi, I-m trying to secure my FreeBSD box using ipfw, but i can-t
> > configure FTP client to access the internet. I-ve googled aroun
> > everywhere but none of the solutions worked for me! I-m connected
> > using dialup and user ppp.
> > And another question, Would it be better if I used the firewall
> > included with PPP?
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd=
.org"
> >
> >
> >
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd=
.org"
>=20
>=20
> --
>=20
> Regards
> Gruss
> Mit freundlichen Gr=FCssen
>=20
> Martin Schweizer
> <info@pc-service.ch>
>=20
> PC-Service M. Schweizer GmbH; Gewerbehaus Schwarz; CH-8608 Bubikon
> Tel. +41 55 243 30 00; Fax: +41 55 243 33 22; http://www.pc-service.ch;
> public key : http://www.pc-service.ch/pgp/public_key.asc;
> fingerprint: EC21 CA4D 5C78 BC2D 73B7  10F9 C1AE 1691 D30F D239;
>=20
>=20
>