From: "Patrick O'Reilly"
Subject: RE: freebsd 4.2 ipfw natd
Date: Thu, 22 Mar 2001 09:30:25 +0200
In-Reply-To: <7e96417ea3ae.7ea3ae7e9641@mbox.com.au>
Sender: owner-freebsd-ipfw@FreeBSD.ORG

Re FTP:

FTP Servers listen on Port 21, and then establish an FTP-Data connection in 'reverse' on their port 20 back to the client. So you need to have rules something like this:

------------------
# FTP - Allow access from our LAN to External FTP servers
${fwcmd} add pass tcp from any to any 21 setup
${fwcmd} add pass tcp from any 20 to any 1024-65535 setup

# FTP - Allow access from the net to our FTP server
${fwcmd} add pass tcp from any to x.x.x.x 21 setup
${fwcmd} add pass tcp from x.x.x.x 20 to any 1024-65535 setup
------------------

You will need to allow established, or use stateful rules, to keep the connection running after setup.

Patrick O'Reilly.

-----Original Message-----
From: owner-freebsd-ipfw@FreeBSD.ORG [mailto:owner-freebsd-ipfw@FreeBSD.ORG] On Behalf Of das@mbox.com.au
Sent: 22 March 2001 04:37
To: freebsd-ipfw@FreeBSD.ORG
Cc: voutah@pi.be
Subject: RE: freebsd 4.2 ipfw natd

Not a bad example at: http://www.mostgraveconcern.com/freebsd

Check out the dual-homed host (Advanced topic number 4). Sadly there is no example of what to do about ftp.

How do I allow ftp for my internal clients?

eg.
# HTTP - Allow access to our web server
${fwcmd} add pass tcp from any to any 80 setup

What should it be for ftp? I know ftp opens up all sorts of other ports, but not sure what to do. I guess it is different if you want passive/active ftp.

Anybody got examples of both?

Thanks,
Dave Seddon

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
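
Added example (not part of either message and not ipfw code): a small Python model of first-match filtering that runs the packets of an FTP session through the two LAN-to-external rules quoted in the reply, with and without an "established" rule, and also tries a passive-mode data connection. Assumptions: a default-deny policy, port-only matching, and made-up ephemeral ports 40000, 40001 and 50000.

```python
# Simplified model of ipfw first-match filtering (added example, not ipfw itself).
from typing import NamedTuple

class Pkt(NamedTuple):
    sport: int
    dport: int
    flags: str            # TCP flags as letters: S=SYN, A=ACK, R=RST

class Rule(NamedTuple):
    sport: object = None  # None = any, int = exact port, tuple = inclusive range
    dport: object = None
    opt: str = ""         # "setup", "established", or "" for no flag test

def port_ok(spec, port):
    lo, hi = spec if isinstance(spec, tuple) else (spec, spec)
    return spec is None or lo <= port <= hi

def flags_ok(opt, flags):
    if opt == "setup":        # SYN set, ACK clear
        return "S" in flags and "A" not in flags
    if opt == "established":  # RST or ACK set
        return "R" in flags or "A" in flags
    return True

def verdict(rules, pkt):
    """Every rule here is a 'pass' rule; the default policy is assumed to be deny."""
    for r in rules:
        if port_ok(r.sport, pkt.sport) and port_ok(r.dport, pkt.dport) and flags_ok(r.opt, pkt.flags):
            return "pass"
    return "deny"

# The two LAN-to-external rules from the message (addresses are "any" there).
HIGH = (1024, 65535)
FTP_RULES = [Rule(dport=21, opt="setup"), Rule(sport=20, dport=HIGH, opt="setup")]
WITH_ESTABLISHED = [Rule(opt="established")] + FTP_RULES

# Constructed packets; ports 40000, 40001 and 50000 are made-up ephemeral ports.
SESSION = {
    "control SYN": Pkt(40000, 21, "S"),
    "control ACK": Pkt(40000, 21, "A"),
    "active data SYN": Pkt(20, 40001, "S"),
    "passive data SYN": Pkt(40001, 50000, "S"),
}

def run(rules):
    return {name: verdict(rules, pkt) for name, pkt in SESSION.items()}

if __name__ == "__main__":
    print(run(FTP_RULES), run(WITH_ESTABLISHED), sep="\n")
```

In this model the setup rules alone pass only the two SYN packets they name, the "established" rule is what lets the control connection's later packets through, and the passive-mode data SYN is denied in both cases because neither quoted rule matches a high-port to high-port connection.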