restrictive ipfw ruleset and ftp

Bill Moran wmoran at potentialtech.com
Tue Jun 17 06:08:10 PDT 2003


Andrew Thomson wrote:
> any suggestions would be great.
> 
> i have a restrictive ipfw ruleset that works great.. it only allows
> incoming connections that i allow and outgoing connections allow. i have
> a list of ports that i let my users go out on: 80, 22, 143, 443 etc
> etc..
> 
> All the stuff they might need to do.
> 
> how can i handle passive ftp though?
> 
> i can let 21 out, but when the remote ftp server says use this x high
> port.. i block that because it's not in my list. so what can i do to get
> around this..
> 
> not totally familiar with it, but is this what fw_punch is for within
> nat??

That's what it's designed for.  I've never used it so I can't verify how
well it works.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com



More information about the freebsd-questions mailing list