ipfw or ipf w/stateful behavior

Fernando Gleiser fgleiser at cactus.fi.uba.ar
Mon Aug 4 08:04:14 PDT 2003


On Sun, 3 Aug 2003, michael wrote:

> well, back to the essentials:
>
> under Linux I can load a kernel module for masquerading ftp-connections and
> this allows me to close any port from outside except the ports for
> management or administration. This makes the firewall secure enough.

With ipf/ipnat there's a built-in ftp proxy; just add

map xl0 192.168.0.0/24 -> <externalip> proxy port ftp ftp/tcp

to the top of your ipnat.rules file. Change the IPs and interface
to meet your setup.

>
> Maybe under FreeBSD there is no KLD_MODULE that solves the problem with ftp or
> irc.

The above line is ipf's equivalent of the Linux module.


				Fer
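
Added example, not part of the original post: ipnat applies the first matching map rule, which is why the reply puts the proxy line at the top of ipnat.rules. This Python check flags a proxy rule that an earlier map rule on the same interface would shadow. The sample rulesets and the address 203.0.113.1 are constructed, and only the simple "map <if> <src>/<mask> -> <dst>" form is parsed.

```python
import ipaddress

def parse_map_rules(text):
    """Return (lineno, iface, source_net, options) for each simple 'map' rule."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        # Assumption: only 'map <if> <src>/<mask> -> <dst> [options]' is handled.
        if len(tok) < 5 or tok[0] != "map" or tok[3] != "->":
            continue
        try:
            src = ipaddress.ip_network(tok[2], strict=False)
        except ValueError:
            continue  # e.g. 'from ... to ...' forms are out of scope here
        rules.append((lineno, tok[1], src, tok[5:]))
    return rules

def matches_tcp(opts):
    """A plain map matches everything; a portmap rule only its listed protocols."""
    if "portmap" in opts:
        i = opts.index("portmap")
        return i + 1 < len(opts) and "tcp" in opts[i + 1].split("/")
    return True

def shadowed_proxies(text):
    """List (proxy_line, earlier_line) pairs where the proxy is never reached."""
    findings, earlier = [], []
    for lineno, iface, src, opts in parse_map_rules(text):
        if "proxy" in opts:
            for e_line, e_if, e_src in earlier:
                if e_if == iface and e_src.overlaps(src):
                    findings.append((lineno, e_line))
                    break
        elif matches_tcp(opts):
            earlier.append((lineno, iface, src))
    return findings

# Constructed rulesets: same three rules, different order.
PROXY = "map xl0 192.168.0.0/24 -> 203.0.113.1/32 proxy port ftp ftp/tcp"
PORTMAP = "map xl0 192.168.0.0/24 -> 203.0.113.1/32 portmap tcp/udp 20000:60000"
PLAIN = "map xl0 192.168.0.0/24 -> 203.0.113.1/32"
GOOD = "\n".join([PROXY, PORTMAP, PLAIN])   # proxy first, as the reply says
BAD = "\n".join([PORTMAP, PROXY, PLAIN])    # portmap rule wins for FTP control

if __name__ == "__main__":
    for name, ruleset in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, shadowed_proxies(ruleset))
```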




