Date: Wed, 15 Dec 1999 22:45:20 -0600 From: Nathan Zornes <jjg@bbnow.net> To: freebsd-small@FreeBSD.ORG Subject: Re: firewall, ipnat Message-ID: <38586E60.77971C6B@bbnow.net> References: <19991215124159.A73250@nu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Christopher Vance wrote: > I am currently using an old 386 as a dialout firewall using picoBSD, a > (slightly modified) dial configuration and some ipfw rules. > (My wife uses MS Win98 behind this machine, and I don't trust MS > software, hence pBSD...) > The firewall has 8M of memory, and I'd rather not use any of the 40M > hard disk, which is dedicated to MS WFW311 when the network is > disconnected. I currently boot off a floppy and leave the hard disk > alone. > I can't find any way to tell IE5 on MSW98 to use passive ftp, and I > want to keep the firewall rules as tight as possible, so it looks like > I need some sort of FTP proxy. (My ISP doesn't seem to have a visible > FTP proxy I can use, although I could ask further. I'd also rather > avoid reliance on 3rd parties, as much as possible.) Given the fact you would like to avoid third parties, is it not an option to have the clients use Netscape(passive ftp by default) or MSIE ( I think passive ftp by default) in order to make ftp connections? > Currently I run ipfw on the firewall, but am considering a change to > ipf and ipnat, since ipnat appears to have a builtin ftp proxy which > is ipf-friendly. I had a similar configuration. I do not run an ftp proxy. But I know that the clients behind my firewall are able to perform ftp transactions with no problems uploading or downloading with Netscape. I highly suggest using the combination of ipf and ipnat. I have used it on FreeBSD, Solaris Sparc, and Solaris x86 platforms. The "keep state" feature is pretty cool. <snip> Cheers, Nathan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-small" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?38586E60.77971C6B>