Date: Tue, 25 May 1999 15:18:12 -0400 From: Ed Keith <edk@kew.com> To: Alejandro =?iso-8859-1?Q?Ram=EDrez?= <ales@megared.net.mx> Cc: freebsd-questions <freebsd-questions@FreeBSD.ORG> Subject: Re: which ftp proxy? Message-ID: <374AF773.68CC17E3@kew.com> References: <37488BDD.DDB88F1D@kew.com> <01f701bea602$067c2fe0$f9a3f9cf@megared.net.mx> <374A270C.E7FF8E42@kew.com> <014801bea6bf$fb8033c0$f9a3f9cf@megared.net.mx>
next in thread | previous in thread | raw e-mail | index | archive | help
No packets get through the firewall. The firewall system is dual homed. No
packets are routed between the two addresses. (The internal network is
192.168.19.x, so it would be very bad if packets were routed.)
If I want to ftp out I need to log onto the firewall machine and ftp from there
then ftp again (using an ftp server on the firewall that only connects to the
inside network) from the firewall to my desktop.
-EdK
Alejandro Ramírez wrote:
> Hi,
>
> If you are behind a firewall, and the ports:
>
> ftp-data 20/tcp #File Transfer [Default Data]
> ftp-data 20/udp #File Transfer [Default Data]
> ftp 21/tcp #File Transfer [Control]
> ftp 21/udp #File Transfer [Control]
>
> aren´t specifically blocked out by your system administrator (that i don´t
> think they are), you must use the "passive" mode in ftp transfers, the
> "passive" mode must be used always that you are behind a firewall, this is a
> rule to have a good ftp session, if your system administrator did
> specifically blocked out this ports, you may ask him to unblock them out (in
> /etc/rc.firewall), since this is simpler than to install a proxy server. And
> if you want to have more security in your network, and you have already
> configured ipfw, then you may try to enable "natd" (network address
> translation), it will let you have private ip addresses in your network and
> go outside with a public address for all of your machines (instead of
> installing a proxy server) but you still will have to use the "passive" mode
> in ftp transfers.
>
> Ales
>
> ----- Original Message -----
> From: Ed Keith <edk@kew.com>
> To: Alejandro Ramírez <ales@megared.net.mx>
> Cc: freebsd-questions <freebsd-questions@FreeBSD.ORG>
> Sent: Monday, May 24, 1999 11:29 PM
> Subject: Re: which ftp proxy?
>
> > I don't think that will help since all packets are blocked by the
> firewall.
> > I think I need to use a proxy server. But I don't know which one would be
> > best for my needs. (very small network, light volume, newbe site admin.,
> > paranoid domain administrator who may want me to justify why I picked the
> one
> > decide to use.)
> >
> > -EdK
> >
> >
> > Alejandro Ramírez wrote:
> >
> > > Hi,
> > >
> > > Try the "passive" option in the ftp program.
> > >
> > > Ales
> > >
> > > ----- Original Message -----
> > > From: Ed Keith <edk@kew.com>
> > > To: freebsd-questions <freebsd-questions@FreeBSD.ORG>
> > > Sent: Sunday, May 23, 1999 6:14 PM
> > > Subject: which ftp proxy?
> > >
> > > > I'm running FreeBSD 2.28 and ipfw. I want to install an ftp proxy so I
> > > > can connect to ftp sites from behind the firewall. What is
> recommended?
> > > >
> > > > Thanks in advance,
> > > > -EdK
> > > >
> > > >
> > > >
> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > with "unsubscribe freebsd-questions" in the body of the message
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-questions" in the body of the message
> >
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?374AF773.68CC17E3>