Date:      Mon, 26 Nov 2001 15:32:05 +0000
From:      "Danny Carroll" <dannycarroll@hotmail.com>
To:        security@freebsd.org
Subject:   IPFW, natd and an internal FTP server.
Message-ID:  <LAW2-F68hvpFaeZPHNu00019f0c@hotmail.com>

Hello,

I know this question has been covered before in many different ways, but I 
can't seem to find the solution I am looking for.

Here is my situation.

machine guard is the firewall / natd server on a dedicated internet line.
machine app is the web/ftp server; let's say it runs win2k.  This machine is 
on an internal (192.168) network and the firewall's natd diverts web/ftp 
stuff almost brilliantly.

The firewall works fine for active FTP (server initiated data connections).

If I configure my FTP server to use passive ports in a limited range and 
allow those ports specifically then all is well.

But I want to be a little more secure.  So I tried using punch_fw to add the 
rules dynamically.  I figured if it works for active clients, it must work 
for passive servers?

Am I wrong in this assumption or have I screwed something up?
Also, will I see the rules inserted into the ipfw list or are they hidden 
for some reason?

Thanks in advance.
-D

