Date: Thu, 29 Jun 2000 10:33:44 +0300
From: Ruslan Ermilov <ru@sunbay.com>
To: Visigoth <visigoth@telemere.net>
Cc: freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: new ftpd feature...
Message-ID: <20000629103344.D10869@sunbay.com>
In-Reply-To: <xzpr99hwwtt.fsf@flood.ping.uio.no>; from des@flood.ping.uio.no on Wed, Jun 28, 2000 at 07:15:58PM +0200
References: <Pine.BSF.4.21.0006281121480.67967-300000@shell.telemere.net> <xzpr99hwwtt.fsf@flood.ping.uio.no>

On Wed, Jun 28, 2000 at 07:15:58PM +0200, Dag-Erling Smorgrav wrote:
> Visigoth <visigoth@telemere.net> writes:
> > [patches to limit the range of ports used for passive FTP]
>
> des@flood ~% sysctl -A | grep portrange
> net.inet.ip.portrange.lowfirst: 1023
> net.inet.ip.portrange.lowlast: 600
> net.inet.ip.portrange.first: 1024
> net.inet.ip.portrange.last: 5000
> net.inet.ip.portrange.hifirst: 49152
> net.inet.ip.portrange.hilast: 65535
>
> ftpd uses ports in the high range, just adjust the last two sysctls
> and you'll be fine.
>

I had a firewall set up in this configuration (allowing "anonymous"
connects to the high portrange and denying otherwise).  It was great.
I can not see the reason why ftpd(8) would need an explicit portrange.

-- 
Ruslan Ermilov          Oracle Developer/DBA,
ru@sunbay.com           Sunbay Software AG,
ru@FreeBSD.org          FreeBSD committer,
+380.652.512.251        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message