Date: Mon, 17 Dec 2001 15:31:58 +0200
From: Johann Botha <joe@frogfoot.net>
To: apache@ukr.net
Cc: freebsd-isp@freebsd.org
Subject: Re: firewall + ftp
Message-ID: <20011217133158.GB30894@blue.frogfoot.net>
In-Reply-To: <20011217131602.A1843@unixbox.office.annaltd.com>
References: <20011217131602.A1843@unixbox.office.annaltd.com>

Hi apache!

> I am arranging firewall in my office network connected to Internet via dedicated
> line. I wanna close everything but HTTP, SMTP, SSH and FTP from internal
> network. The problem is FTP. I wanna make uploads/downloads to Internet hosts
> via ftp.
>
> What can I do with data ports?
> Are there any solutions or start points for me (ftp proxy, etc.)?

man natd

------------< snip <------< snip <------< snip <------------
     -punch_fw basenumber:count
             This option directs natd to ``punch holes'' in an
             ipfirewall(4) based firewall for FTP/IRC DCC connections.
             This is done dynamically by installing temporary firewall
             rules which allow a particular connection (and only that
             connection) to go through the firewall.  The rules are
             removed once the corresponding connection terminates.
------------< snip <------< snip <------< snip <------------

but.. I could not get this to work, imho natd is broken. (in 4.3 anyway)

so now I use jftpgw: http://www.mcknight.de/jftpgw/features.html

eg.

------------< snip <------< snip <------< snip <------------
# Transparent Proxy for FTP
fwd 66.8.1.1,2370 tcp from 66.8.1.48/29 to any 21 in recv ed1
------------< snip <------< snip <------< snip <------------

and then just allow "1025-65535 to any 21" on the firewall's IP.

..or use IPF's NAT: http://coombs.anu.edu.au/~avalon/ip-filter.html

-- 
Regards
 Johann

"FreD is not dead" - echo $(uname) is not dead | sed "s/eBS//"
_________________________________________________________
Johann L. Botha                        Debian GNU Jedi: joe@debian.org
email: joe@frogfoot.net                snail mail: PO Box 3472
mobile: +27 82 5626 167                            Matieland
workpage: http://www.frogfoot.net                  Stellenbosch
homepage: http://blue.frogfoot.net                 7602
gps: 33deg 56.09S, 18deg 25.31E, 64m               South Africa
ham: ZR1JOE

Copyright (c) 2001. The Sovereigns of Frogfoot. All rights reserved.
Disclaimer available upon request.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
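
The data-port problem discussed in this message comes from FTP negotiating its data connection inside the control connection, so a hole-punching helper has to read that endpoint off the wire before it can allow "a particular connection (and only that connection)". The following is an added example, not part of the original e-mail and not natd's or jftpgw's code; the names `Pinhole` and `pinhole_for` are hypothetical, the addresses are constructed documentation addresses, and it assumes no address translation between the helper and either endpoint.

```python
import re
from collections import namedtuple

# One temporary allow rule: a single TCP connection from src to dst:dport.
Pinhole = namedtuple("Pinhole", "src dst dport")

# h1,h2,h3,h4,p1,p2 host-port form shared by PORT and the 227 reply (RFC 959).
_HOSTPORT = re.compile(r"\b" + ",".join([r"(\d{1,3})"] * 6) + r"\b")

def _endpoint(text):
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def pinhole_for(line, client, server):
    """Map one control-channel line to the Pinhole it calls for, or None.

    client and server are the endpoints of the control connection itself.
    """
    line = line.strip()
    if line[:5].upper() == "PORT ":   # active: server connects back to client
        announcer, src, dst = client, server, client
    elif line.startswith("227 "):     # passive: client connects to server
        announcer, src, dst = server, client, server
    else:
        return None
    ep = _endpoint(line[4:])
    if ep is None:
        return None
    ip, port = ep
    # Open a hole only toward the host that announced it, never on a
    # privileged port; anything else is not forwarded to the rule set.
    if ip != announcer or port < 1024:
        return None
    return Pinhole(src, dst, port)

if __name__ == "__main__":
    # Constructed control-channel lines using documentation addresses.
    for l in ("USER anonymous", "PORT 192,0,2,5,19,137",
              "227 Entering Passive Mode (198,51,100,10,195,80).",
              "PORT 203,0,113,9,19,137"):
        print(l, "->", pinhole_for(l, "192.0.2.5", "198.51.100.10"))
```

A transparent proxy such as the one in the `fwd` rule sidesteps this parsing on the firewall by terminating the control connection itself, which is why only port 21 and the proxy's own high ports need to be allowed.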