Date: Sun, 19 Oct 2003 19:02:07 +0100 From: Andy Smith <andy@strugglers.net> To: freebsd-ipfw@freebsd.org Subject: active FTP, ipfw and dynamic rules Message-ID: <20031019180206.GL24304@lug.org.uk>
next in thread | raw e-mail | index | archive | help
Hi guys, apologies if this has been discussed before but a couple of us have been googling and reading man pages for a few hours now and can't seem to work this one out. If you've got a machine with IPFW2 and users on it want to use active FTP, is this possible without doing something like: ipfw add allow tcp from any 20 to any 1024-65534 ?? What I'm trying to duplicate is the functionality of linux iptables where you would just add something like.. $IPTABLES -A INPUT -i $INET_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT and then everything like active FTP would just work. We don't quite understand how that can be done with ipfw's keep-state and would appreciate any tips you can offer. And yes I know that FTP sucks, and that passive FTP can be made to work, it is just annoying that I cna work this out so easily with iptables but not with ipfw. Thanks!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031019180206.GL24304>