Re: ipfw or ipf w/stateful behavior
From: Fernando Gleiser (fgleiser_at_cactus.fi.uba.ar)
Date: 08/04/03
- Previous message: Jez Hancock: "Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath"
- In reply to: michael: "Re: ipfw or ipf w/stateful behavior"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 4 Aug 2003 12:00:48 -0300 (ART) To: michael <michael@nettmail.de>
On Sun, 3 Aug 2003, michael wrote:
> well, back to the essentials:
>
> under linux can i load a kernelmodule for masquerading ftp-connections and
> this allows me to close any port from outside except the ports for
> Management or administration. these make the firewall secure enaugh.
with ipf/ipnat there's a built-in ftp proxy, just add
map xl0 192.168.0.0/24 -> <externalip> proxy port ftp ftp/tcp
to the top of your ipnat.rules file. Change the IPs and interface
to meet your setup.
>
> May under FreeBSD it give no KLD_MODULE that solve the problem with ftp/or
> irc.
The above line is the ipf's equivalent of the linux module.
Fer
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Jez Hancock: "Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath"
- In reply to: michael: "Re: ipfw or ipf w/stateful behavior"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
