Date:      Mon, 16 Jan 2012 08:36:31 +0200
From:      vip 71541 <vip71541@gmail.com>
To:        ipfw@freebsd.org
Subject:   Problem with passive ftp in IPFW!
Message-ID:  <CAFuaoCR5eMktyPc0ZRoOTVvMw1QQd4Z7QDe_YkxgR=wMTPXbTw@mail.gmail.com>

Good morning, everybody. My name is Eugene. I know this is not a new issue ... But
I have a problem: how to competently / properly write the rules for passive FTP in
ipfw on a gateway for my LAN. The gateway is running FreeBSD 8.2p6, with kernel NAT.
FTP for the local network currently goes through rules like these:

00159  0    0 skipto 65000 tcp from 192.168.10.0/24 to any dst-port 21,1024-65535 out xmit em0 keep-state
--
00211 skipto 65000 tcp from any 21,1024-65535 to ${wan_ip}  in recv em0
--
65000  0    0 nat 90 ip from any to any via em0
---
Is there in ipfw an analogue of the RELATED state and the two modules nf_nat_ftp and
nf_conntrack_ftp in iptables? Information on how to do this intelligently in ipfw
was not found. That way I would not have to open the ports above 1024 ... But somehow not
very good firewall such as leaves and there is sort of not ...
The kernel is compiled with these options:

# *IPFW*
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE=100
options IPFIREWALL_FORWARD
options IPFIREWALL_NAT
options LIBALIAS
options IPDIVERT
options DUMMYNET
options HZ=1000

P.S. Are there plans to add such a state in the next version of FreeBSD?

Thank you for your attention. I will wait for your reply.
---
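
What the helper modules named in the message do with the FTP control channel, as an added example that is not part of the original e-mail: read the server's PASV (227) or EPSV (229) reply and permit only the single data port it announces, instead of the whole 1024-65535 range. The function names, addresses and sample replies are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 PASV: "227 ... (h1,h2,h3,h4,p1,p2)"; RFC 2428 EPSV: "229 ... (|||port|)"
PASV_RE = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")

def data_endpoint(reply, server_ip):
    """Return (ip, port) of the data connection announced by one
    control-channel reply, or None if it announces nothing usable."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None
        ip = ".".join(map(str, nums[:4]))
        port = nums[4] * 256 + nums[5]
        # Ignore a reply that names a host other than the control-channel
        # server: trusting it would open a path to an arbitrary address.
        if ipaddress.ip_address(ip) != ipaddress.ip_address(server_ip):
            return None
    else:
        m = EPSV_RE.match(reply)
        if not m:
            return None
        ip, port = server_ip, int(m.group(2))  # EPSV carries a port only
    # Same lower bound as the rules in the message: nothing below 1024.
    if not 1024 <= port <= 65535:
        return None
    return ip, port

def expected_flows(client_ip, server_ip, control_lines):
    """List the (client, server, port) data flows a stateful filter would permit."""
    eps = (data_endpoint(line.strip(), server_ip) for line in control_lines)
    return [(client_ip, ep[0], ep[1]) for ep in eps if ep]

# Constructed control-channel replies (documentation address ranges).
SAMPLE = [
    "220 FTP server ready",
    "227 Entering Passive Mode (203,0,113,10,195,80)",
    "227 Entering Passive Mode (198,51,100,7,4,1)",   # other host: ignored
    "229 Entering Extended Passive Mode (|||50123|)",
    "227 Entering Passive Mode (203,0,113,10,0,22)",  # port 22: ignored
]

if __name__ == "__main__":
    for flow in expected_flows("192.168.10.25", "203.0.113.10", SAMPLE):
        print("permit tcp %s -> %s:%d" % flow)
```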