Date: Sun, 2 Sep 2001 15:34:37 -0700 (PDT)
From: Mike Harding <mvh@ix.netcom.com>
To: info@pc-service.ch
Cc: freebsd-stable@freebsd.org
Subject: Re: IPFirewall again
Message-ID: <20010902223437.00EE513112@netcom1.netcom.com>
In-Reply-To: <20010902194412.A279@pc-service.ch> (message from Martin Schweizer on Sun, 2 Sep 2001 19:44:13 +0200)
References: <20010902194412.A279@pc-service.ch>

You need a proxy - ftp can't be easily firewalled unless you are using
passive mode. This can be done as part of NAT and I am not sure if it
will work if you aren't running NAT - does anyone know if you can do a
'null nat' to take advantage of these proxies?

- Mike H.

Date: Sun, 2 Sep 2001 19:44:13 +0200
From: Martin Schweizer <pcservice.schweizer@spectraweb.ch>
Reply-To: Martin Schweizer <info@pc-service.ch>

Hello

If I use the following rules, I can connect via ftp (for example
ftp.freebsd.org), but after the successful login I can't do "ls". The
permissions are always denied. Why? Which port do I also need?

# DNS (runs only over UDP)
ipfw add allow udp from me to any 53 keep-state
# SMTP
ipfw add allow tcp from me to any 25 keep-state
ipfw add allow udp from me to any 25 keep-state
# POP3
ipfw add allow tcp from me to any 110 keep-state
ipfw add allow udp from me to any 110 keep-state
# HTTP
ipfw add allow tcp from me to any 80 keep-state
ipfw add allow udp from me to any 80 keep-state
# FTP
ipfw add allow tcp from any to any 20 keep-state
ipfw add allow udp from any to any 20 keep-state
# FTP 2.
ipfw add allow tcp from any to any 21 keep-state
ipfw add allow udp from any to any 21 keep-state
# SSH
ipfw add allow tcp from me to any 22 keep-state
ipfw add allow udp from me to any 22 keep-state
# Telnet
ipfw add allow tcp from me to any 23 keep-state
ipfw add allow udp from me to any 23 keep-state
# Ping / TraceRoute
ipfw add allow icmp from me to any
# Whois
ipfw add allow tcp from me to any 63 keep-state
ipfw add allow udp from me to any 63 keep-state
# Gopher
ipfw add allow tcp from me to any 70 keep-state
ipfw add allow udp from me to any 70 keep-state
# Finger
ipfw add allow tcp from me to any 79 keep-state
ipfw add allow udp from me to any 79 keep-state
# NNTP
ipfw add allow tcp from me to any 119 keep-state
ipfw add allow udp from me to any 119 keep-state
# NTP
ipfw add allow tcp from me to any 123 keep-state
ipfw add allow udp from me to any 123 keep-state

--
Regards,

Martin Schweizer <info@pc-service.ch>

PC-Service M. Schweizer; Gewerbehaus Schwarz; CH-8608 Bubikon
Tel. +41 55 243 30 00; Fax: +41 55 243 33 22; http://www.pc-service.ch

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
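
Why the login works but "ls" is denied, as an added example that is not part of either message: the directory listing travels over a second TCP connection whose port is negotiated on the control channel, and this sketch parses that negotiation (RFC 959 PORT command and 227 reply) and checks the data connection's first packet against the destination ports in the posted rules. The addresses and control lines are constructed, and the rule check is a simplified model that looks only at the destination port.

```python
import re

# TCP destination ports the posted rules allow (copied from the message).
ALLOWED_TCP_DST = {20, 21, 22, 23, 25, 63, 70, 79, 80, 110, 119, 123}

# h1,h2,h3,h4,p1,p2 as carried by the PORT command and the 227 reply (RFC 959).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_endpoint(line):
    """Return (ip, port) advertised in a PORT command or a 227 reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % line)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_connection(line, client_ip, server_ip):
    """Describe the data connection that a control-channel line sets up."""
    ip, port = parse_endpoint(line)
    if line.upper().startswith("PORT"):
        # Active mode: the server opens the connection, from its port 20
        # to the address and port the client advertised.
        return {"mode": "active", "src": server_ip, "sport": 20,
                "dst": ip, "dport": port}
    if line.startswith("227"):
        # Passive mode: the client opens the connection, from an ephemeral
        # port to the address and port the server advertised.
        return {"mode": "passive", "src": client_ip, "sport": None,
                "dst": ip, "dport": port}
    raise ValueError("not a PORT command or 227 reply: %r" % line)

def first_packet_allowed(conn):
    """Simplified model: a keep-state rule only creates state if the first
    packet's destination port matches an allow rule."""
    return conn["dport"] in ALLOWED_TCP_DST

# Constructed control-channel lines (documentation addresses, not captured).
CLIENT, SERVER = "192.0.2.10", "203.0.113.5"
ACTIVE = data_connection("PORT 192,0,2,10,195,80", CLIENT, SERVER)
PASSIVE = data_connection("227 Entering Passive Mode (203,0,113,5,234,96)",
                          CLIENT, SERVER)

if __name__ == "__main__":
    for c in (ACTIVE, PASSIVE):
        print(c["mode"], c["src"], "->", c["dst"], c["dport"],
              "allowed" if first_packet_allowed(c) else "denied")
```

In both modes the data connection is a new flow that the state created for the port 21 control connection does not cover: in active mode it arrives inbound from the server's port 20, in passive mode it leaves outbound to a high port chosen by the server.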