From: "Chris Knight"
Subject: Stateful Rules and FTP
Date: Fri, 16 Nov 2001 19:25:13 +1100

Howdy,

I'm running 4.4-stable on a box with 3 interfaces: ed0, ed1 and ed2.
ed0 is the external interface.
ed1 is the DMZ interface.
ed2 is the internal interface.

I want a select group of machines in the DMZ to be able to FTP, and only FTP, to a machine on the internal network to retrieve an installation image and packages. I've found the only way I can get passive FTP going is with the following rule:

add pass tcp from to keep-state in recv ed1 setup

But this then allows access to other services on the internal machine :-( Adding port 21 to the destination only allows FTP control connections and not FTP data connections. It's starting to drive me batty.
Ideally, I'd like to be able to specify in the ruleset that the data has to traverse both ed1 and ed2. Lack of sleep doesn't help either. Can anyone help me out?

Regards,
Chris Knight
Systems Administrator
AIMS Independent Computer Professionals
Tel: +61 3 6334 6664
Fax: +61 3 6331 7032
Mob: +61 419 528 795
Web: http://www.aims.com.au
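
Added example, not part of the original message and not ipfw syntax: a small Python model of the setup rule above, showing which new connections from the DMZ group are admitted when the rule has no destination port, port 21 only, or port 21 plus a passive data range. The addresses, the 227 reply and the passive range are constructed, and pinning the FTP server's passive ports to a fixed range is an assumption.

```python
# Added illustration: first-match model of the "setup ... keep-state" pass rule.
# All addresses and the passive port range below are constructed for this example.
import ipaddress
import re

DMZ_HOSTS = ipaddress.ip_network("192.0.2.0/28")       # constructed DMZ group
FTP_SERVER = ipaddress.ip_address("198.51.100.10")     # constructed internal host
PASV_RANGE = range(49152, 49252)  # assumption: server pinned to this passive range

# Each ruleset is a list of allowed destination-port sets (None = any port).
RULESETS = {
    "any-port": [None],                    # the rule from the post, no dst port
    "port-21-only": [{21}],                # control channel only
    "21-plus-pasv": [{21}, PASV_RANGE],    # control plus pinned passive range
}

def pasv_port(reply):
    """Data port announced in a 227 reply: (h1,h2,h3,h4,p1,p2) -> p1*256 + p2."""
    m = re.search(r"\((?:\d+,){4}(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError("not a 227 passive reply")
    return int(m.group(1)) * 256 + int(m.group(2))

def allows(ruleset, src, dst, dport, iface="ed1", syn=True):
    """True if a TCP SYN received on ed1 matches a pass rule; else default deny."""
    if iface != "ed1" or not syn:
        return False
    if ipaddress.ip_address(src) not in DMZ_HOSTS:
        return False
    if ipaddress.ip_address(dst) != FTP_SERVER:
        return False
    return any(ports is None or dport in ports for ports in RULESETS[ruleset])

def evaluate(ruleset):
    """Check the three connection attempts that matter for this policy."""
    reply = "227 Entering Passive Mode (198,51,100,10,192,10)"  # constructed
    client, server = "192.0.2.5", "198.51.100.10"
    return {
        "ftp-control": allows(ruleset, client, server, 21),
        "ftp-data": allows(ruleset, client, server, pasv_port(reply)),
        "ssh": allows(ruleset, client, server, 22),
    }

if __name__ == "__main__":
    for name in RULESETS:
        print(name, evaluate(name))
```

Packets after the SYN are not modelled; in the real ruleset they would be matched by the dynamic state that keep-state creates.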