On Tue, 16 Dec 2003 18:21:17 +0100, Michiel van Baak <[EMAIL PROTECTED]> wrote:
> 1. Hosts out on the internet cannot passive ftp to my server.

        You don't have a rule to accept passive ftp connections. Configure your daemon to use a fixed port range (49151-65535 for example) and add a "pass  in on $ext_if inet proto tcp from any to $ext_if port > 49151 keep state" rule. Since the server is on the same box, you might wanna use the following rule instead (remember to replace proftp with a valid username for your setup):

        pass  in on $ext_if inet proto tcp from any to $ext_if \
            user proftp keep state

> that connect to my machine using active FTP get the error "Won't open
> connection to (put any internal range here ppl have on their lan)"

        Ask the local administrators to set up a local ftp-proxy, or clients have to use passive transfers.

        Rgs,
        Tiago

-- 
Tiago Pierezan Camargo <elessar at matrix.com.br>

 (o_.'  The boozy penguin says:  
 //\c{}   "VI VI VI The editor of the beast."
 V__)_ 
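
The first suggestion above written out as a pf.conf fragment. This is an added example, not part of the original message; it assumes the daemon is ProFTPD (pinned with its PassivePorts directive) and an external interface named fxp0.

```conf
# /etc/pf.conf fragment (added example; names below are assumptions)
ext_if     = "fxp0"           # assumed external interface
ftp_ctl    = "21"             # FTP control port
pasv_ports = "49152:65535"    # inclusive range, the same ports as "port > 49151"

# Daemon side (assumed ProFTPD, in proftpd.conf) must be pinned to the same range:
#   PassivePorts 49152 65535

# FTP control connection
pass in on $ext_if inet proto tcp from any to $ext_if port $ftp_ctl keep state

# Passive data connections: only the range the daemon is configured to use
pass in on $ext_if inet proto tcp from any to $ext_if port $pasv_ports keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sr` lists the rules that are loaded.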
