Date: Sat, 25 Sep 1999 15:07:15 -0600
From: Brett Glass <brett@lariat.org>
To: Harold Gutch <logix@foobar.franken.de>, Nate Williams <nate@mt.sri.com>
Cc: Monte Westlund <montejw@memes.com>, freebsd-security@FreeBSD.ORG
Subject: Re: default rc.firewall
Message-ID: <4.2.0.58.19990925150438.047285f0@localhost>
In-Reply-To: <19990925125108.A13871@foobar.franken.de>
References: <4.2.0.58.19990924113626.0480db00@localhost> <4.2.0.58.19990924111600.04809a90@localhost> <3.0.5.32.19990923152232.007c94c0@memes.com> <4.2.0.58.19990924111600.04809a90@localhost> <199909241733.LAA27644@mt.sri.com> <4.2.0.58.19990924113626.0480db00@localhost>

At 12:51 PM 9/25/99 +0200, Harold Gutch wrote:

>But in this case you don't want to allow SYN-Packets coming from
>the inside with *source* port 80, but with *destination* port 80.
>
>Instead of
>
>    $fwcmd add pass tcp from ${oip} 80 to any setup
>
>you'd want
>
>    $fwcmd add pass tcp from ${oip} to any 80 setup

Thank you for catching that typo! Yes, when you're going outward, you
want to go TO port 80.

A proxy would be a good way to go for HTTP in particular, but I'm not
sure where one would get one for other protocols. Most of the stand-alone
FTP proxies out there seem fairly weak. I've heard that there's at least
one firewall program with FTP proxying built in, but I haven't tried it.

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
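
The source/destination port mix-up discussed in this message, as an added example that is not part of the original e-mail or of rc.firewall: a small sh/awk check that flags TCP `setup` rules carrying a port on the source side and none on the destination side. The function names, the simplified rule grammar (one address token plus an optional numeric port list per side) and the last two sample rules are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original message): lint ipfw-style rule lines
# for the typo discussed above, where a TCP "setup" rule pins the SOURCE
# port and leaves the destination port open.

# lint_setup_rules: reads rule lines on stdin and prints "LINENO: rule"
# for every suspect rule. Assumes a simplified grammar:
#   ... tcp from ADDR [PORTS] to ADDR [PORTS] [options]
lint_setup_rules() {
    awk '
    /^[ \t]*#/ { next }                       # skip shell comments
    {
        from = 0; to = 0; tcp = 0; setup = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "tcp")           tcp = 1
            if ($i == "from" && !from) from = i
            if ($i == "to" && !to)     to = i
            if ($i == "setup")         setup = 1
        }
        if (!tcp || !setup || !from || to <= from) next
        # Source side: address at from+1, optional port list just before "to".
        src_port = ((to - from > 2) && ($(to - 1) ~ /^[0-9][0-9,-]*$/))
        # Destination side: address at to+1, optional port list at to+2.
        dst_port = ((to + 2 <= NF) && ($(to + 2) ~ /^[0-9][0-9,-]*$/))
        if (src_port && !dst_port) print NR ": " $0
    }'
}

# Constructed sample input: the first two rules are the ones quoted in the
# message, the last two are made up to exercise the non-matching cases.
sample_rules() {
    cat <<'EOF'
$fwcmd add pass tcp from ${oip} 80 to any setup
$fwcmd add pass tcp from ${oip} to any 80 setup
$fwcmd add pass tcp from any to ${oip} 25 setup
$fwcmd add pass udp from ${oip} 53 to any
EOF
}

sample_rules | lint_setup_rules
```

Only the first rule is reported; the corrected form with the port after the destination address passes.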