active FTP, ipfw and dynamic rules
Andy Smith
andy at strugglers.net
Sun Oct 19 11:02:09 PDT 2003
Hi guys, apologies if this has been discussed before but a couple of
us have been googling and reading man pages for a few hours now and
can't seem to work this one out.

If you've got a machine with IPFW2 and users on it want to use
active FTP, is this possible without doing something like:

    ipfw add allow tcp from any 20 to any 1024-65534

??

What I'm trying to duplicate is the functionality of Linux iptables
where you would just add something like..

    $IPTABLES -A INPUT -i $INET_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT

and then everything like active FTP would just work.

We don't quite understand how that can be done with ipfw's
keep-state and would appreciate any tips you can offer.

And yes I know that FTP sucks, and that passive FTP can be made to
work, it is just annoying that I can work this out so easily with
iptables but not with ipfw.

Thanks!