Date: Sun, 13 May 2001 08:16:39 -0700 From: "Hervey Wilson" <herveyw@dynamic-cast.com> To: "Paul Herman" <pherman@frenchfries.net> Cc: "Artem Koutchine" <matrix@ipform.ru>, <questions@FreeBSD.ORG> Subject: Re: Allow rules for ipfw for active ftp Message-ID: <006f01c0dbbf$b71691c0$0101a8c0@chillipepper> References: <Pine.BSF.4.33.0105130901000.10591-100000@husten.security.at12.de>
next in thread | previous in thread | raw e-mail | index | archive | help
From: "Paul Herman" <pherman@frenchfries.net> > On Sat, 12 May 2001, Hervey Wilson wrote: > > > Then I discovered that login.conf was setting > > FTP_PASSIVE_MODE=YES. Removing this option so that the ftp client > > on the firewall server used active connections made everything > > work perfectly. > > Mostly yes, but this can be a problem if both sides have a firewall, > which was why I needed to use punch_fw. The users needed to regularly > FTP data from one customer who also was behind a firewall. Someone > had to give. > My need is simpler - I found that without punch_fw I had to leave a range of ports open on the firewall server for the return ftp connection. I wanted to have things locked down a little more and punch_fw allows me to do that. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?006f01c0dbbf$b71691c0$0101a8c0>