From: "Danny Carroll"
To: ru@FreeBSD.ORG
Cc: security@FreeBSD.ORG
Subject: Re: IPFW, natd and an internal FTP server.
Date: Mon, 26 Nov 2001 17:02:27 +0000

>>rules dynamically. I figured if it works for active clients, it must work
>>for passive servers?
>>
>Yes.

No.... At least it doesn't for me.

> > Am I wrong in this assumption or have I screwed something up?
>So, you tried it and it did not work? What's the FreeBSD version?
>

Yes, I tried it and it failed... But I then tried active FTP out and I could clearly see two wonderful new rules created right where I wanted them.

I'm using FreeBSD 4.4-RELEASE straight from the ISO.

I can send the firewall rules but since punch_fw is working as an active client, there is nothing there that would affect it. I mean it's making the control connection fine...

-D