I never found a clear document on this subject. Could someone correct
me if I'm wrong?
1) All IP packets from outside go to the ipfw host IP, so incoming packet
rules must be written with the gateway IP as source, and not the final
masqueraded host.
I.e. the ipfwadm rules come before the masquerading process.
2) The 'ipfwadm -O' applies first, before all others. I'm thinking to
module as ip_masq_ftp. For PASV mode, I had to add a
'ipfwadm -a accept -W eth1 -P tcp -S 0/0 1023:$MXPORT -d $GW 1023:$MXPORT'
I don't like this line.
3) Incoming without '-W' means incoming packets on all interfaces.
4) Outgoing without '-W' means outgoing packets on all interfaces.
Best regards,
fx
---
Peretmere fx - Sysadmin Unix & NT - Insys Group, Paris
[ +33 (0)1 40 21 12 50 / #5165176 ]