amadeus,
the problem you describe below is the raison d'être for ipf's "ftp proxy". you don't need to open up ports, you need to employ the ftp proxy and have ipf do the work for you.
see
http://marc.theaimsgroup.com/?l=ipfilter&m=104281981830532&w=2
and
http://marc.theaimsgroup.com/?l=ipfilter&m=103602239908294&w=2
and
http://marc.theaimsgroup.com/?l=ipfilter&m=100552653809016&w=2
and the links in
http://marc.theaimsgroup.com/?l=ipfilter&m=100591781611106&w=2
including
http://marc.theaimsgroup.com/?l=ipfilter&m=100549335729976&w=2
and more generally
http://marc.theaimsgroup.com/?l=ipfilter&m=105128850416341&w=2
jim
Amadeus Stevenson wrote:
Hello All,
I am using a "block all" firewall which then selectively allows certain connections out and back in from a natted lan (i.e. http, smtp etc.).
The problem arises with FTP.
Can anyone think of a solution to this problem?
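
Added example, not part of the thread and not ipf's own code: a simplified Python model of what an FTP-aware NAT proxy does on the control channel, which is why one proxy rule can replace a range of opened ports. The addresses, interface name and function names are assumptions made for illustration, and the model keeps the client's port number unchanged.

```python
import re

# An ipnat.conf rule of the documented form enables the proxy
# (interface fxp0 and the LAN range are assumed here):
#   map fxp0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp

# Constructed sample addresses (assumptions, not from the thread).
LAN_CLIENT = "192.168.1.10"   # FTP client behind NAT
NAT_PUBLIC = "203.0.113.5"    # firewall's public address

PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})\r?\n?$")
PASV_RE = re.compile(r"^227 .*?(\d{1,3}(?:,\d{1,3}){5})")


def _decode(fields):
    """Turn 'h1,h2,h3,h4,p1,p2' (RFC 959) into (ip, port)."""
    n = [int(x) for x in fields.split(",")]
    if any(v > 255 for v in n):
        raise ValueError("octet out of range")
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]


def rewrite_port(line, client_ip, public_ip):
    """Active mode, client -> server. Returns (new_line, pinhole).

    pinhole is the single (ip, port) the server's data connection may
    reach, or None when the line is not a PORT command.
    """
    m = PORT_RE.match(line)
    if not m:
        return line, None
    ip, port = _decode(m.group(1))
    # Reject a PORT that names a host other than the control-connection source.
    if ip != client_ip:
        raise ValueError("PORT address does not match client")
    new = "PORT %s,%d,%d\r\n" % (public_ip.replace(".", ","),
                                 port >> 8, port & 0xFF)
    return new, (client_ip, port)


def passive_endpoint(line):
    """Passive mode, server -> client 227 reply. Returns (ip, port) or None."""
    m = PASV_RE.match(line)
    return _decode(m.group(1)) if m else None
```

The pinhole returned for each transfer is the only inbound data connection that has to be allowed, and only for the life of that transfer.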
