From owner-freebsd-questions  Sat Nov 16  1:36: 5 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CC57637B401
	for <questions@FreeBSD.ORG>; Sat, 16 Nov 2002 01:36:03 -0800 (PST)
Received: from smtp.infracaninophile.co.uk (happy-idiot-talk.infracaninophile.co.uk [81.2.69.218])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 67A9843E4A
	for <questions@FreeBSD.ORG>; Sat, 16 Nov 2002 01:36:02 -0800 (PST)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from happy-idiot-talk.infracaninophile.co.uk (localhost.infracaninophile.co.uk [IPv6:::1])
	by smtp.infracaninophile.co.uk (8.12.6/8.12.6) with ESMTP id gAG9Ztx2009561
	for <questions@FreeBSD.ORG>; Sat, 16 Nov 2002 09:35:55 GMT
	(envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk)
Received: (from matthew@localhost)
	by happy-idiot-talk.infracaninophile.co.uk (8.12.6/8.12.6/Submit) id gAG9ZopK009560
	for questions@FreeBSD.ORG; Sat, 16 Nov 2002 09:35:50 GMT
Date: Sat, 16 Nov 2002 09:35:50 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: questions@FreeBSD.ORG
Subject: Re: Firewall setup
Message-ID: <20021116093549.GA9351@happy-idiot-talk.infracaninophi>
Mail-Followup-To: Matthew Seaman <matthew@FreeBSD.ORG>,
	questions@FreeBSD.ORG
References: <2B7E7A9E-F8FA-11D6-87C6-003065B0995C@vermoe.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <2B7E7A9E-F8FA-11D6-87C6-003065B0995C@vermoe.dk>
User-Agent: Mutt/1.5.1i
X-Spam-Status: No, hits=-3.0 required=5.0
	tests=IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES,SPAM_PHRASE_02_03,
	      USER_AGENT,USER_AGENT_MUTT
	version=2.43
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Sat, Nov 16, 2002 at 01:27:20AM +0100, Thomas von Hassel wrote:
> I'm using these rules as a template for my firewall config:
> 
> http://www.geocrawler.com/archives/3/151/2002/5/0/8814536/
> 
> but i cant seen to get get FTP working. (users connecting to outside 
> ftp servers from the local network)

In the best Parliamentary tradition, I refer the Honourable Gentleman
to my previous answer:

http://groups.google.co.uk/groups?hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&safe=off&selm=fa.p0jgo8v.2hc7b2%40ifi.uio.no

Basically, for your situation you want to make all your users use
passive mode FTP.  If your firewall allows arbitrary outgoing
connections, you're all set.  If not, you should be able to put
together a suitable ruleset from the information in my earlier post.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
                                                      Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message