From owner-freebsd-questions Sat Aug 11 20:23:33 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mailhub.cns.ksu.edu (grunt.ksu.ksu.edu [129.130.12.17]) by hub.freebsd.org (Postfix) with ESMTP id 3FEFB37B407 for ; Sat, 11 Aug 2001 20:23:27 -0700 (PDT) (envelope-from jdt2101@ksu.edu) Received: from unix2.cc.ksu.edu (jdt2101@unix2.cc.ksu.edu [129.130.12.4]) by mailhub.cns.ksu.edu (8.9.1/8.9.1/mailhub+tar) with ESMTP id WAA28139 for ; Sat, 11 Aug 2001 22:23:25 -0500 (CDT) Received: from localhost (jdt2101@localhost) by unix2.cc.ksu.edu (8.8.8+Sun/8.8.8) with ESMTP id WAA22516 for ; Sat, 11 Aug 2001 22:23:26 -0500 (CDT) X-Authentication-Warning: unix2.cc.ksu.edu: jdt2101 owned process doing -bs Date: Sat, 11 Aug 2001 22:23:25 -0500 (CDT) From: Josh Thomas X-X-Sender: To: Subject: passive ftp not working with ipfw rulesets Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I'm having a small amount of problems with getting passive ftp to work with some ipfw rulesets that I've put in place. The pertinent rulesets are below. I'd appreciate any advice, especially on where I should place a check-state rule to minimize packet delay. I'm still pretty new at ipfw, so any pointers will be well-taken. I am not subscribed to the list, so please cc. add pass all from ${ip} to any keep-state add pass all from any 21 to ${ip} keep-state add pass all from any 20 to ${ip} keep-state Passive attempts at connections should be passed via the first rule, shouldn't they? Or am I missing something else? Thanks. Josh Thomas To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message