--- IMS <[EMAIL PROTECTED]> wrote:
> Hi all
>
> I try to write FTP rules with ftp-proxy.
> However, after trying for several hours..
> It doesn't work..

It depends what kind of FTP you are looking at. Most FTP clients these
days use passive FTP. In this case, you do not need ftp-proxy at all.
You just need two rules in addition to your nat line. This assumes you
are filtering on only the external interface. This should get you started:

# PASSIVE FTP
# ($EXT and $UNP_ports are macros, assumed to be defined earlier in pf.conf.)

# 1. Firewall contacts ftp servers on behalf of passive ftp clients
#    on port 21 in order to make control requests.
pass out on $EXT \
    inet proto tcp \
    from $EXT \
    to any port 21 \
    keep state

# 2. Firewall contacts ftp servers on behalf of passive ftp clients
#    on unprivileged port range ( > 1024 ) in order to make
#    data requests.
pass out on $EXT \
    inet proto tcp \
    from $EXT \
    to any port $UNP_ports \
    keep state
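
Added example, not part of the original message: the two rules above placed in a minimal pf.conf so that the macros they rely on are defined and the rule order is visible. The interface name, LAN prefix, port-range value and the nat line are assumptions (the thread does not give them), and the nat line uses the older "nat on" syntax.

```conf
# --- Macros (all values are assumptions for illustration) ---
EXT       = "fxp0"              # external interface (hypothetical name)
INT_NET   = "192.168.1.0/24"    # internal LAN (hypothetical prefix)
UNP_ports = "1025:65535"        # inclusive range, i.e. ports > 1024

# --- Translation ---
# NAT is applied before filtering, so by the time an outbound packet
# reaches the filter rules its source is already the address of $EXT.
# That is why the pass rules below match "from $EXT", not "from $INT_NET".
nat on $EXT from $INT_NET to any -> ($EXT)

# --- Filtering, external interface only ---
# pf uses the last matching rule, so the default block comes first and
# the pass rules after it override it for the traffic they match.
block in  on $EXT all
block out on $EXT all

# 1. FTP control connection to the server (port 21).
pass out on $EXT inet proto tcp from $EXT to any port 21 keep state

# 2. Passive-mode data connection: the client connects out to a high
#    port chosen by the server. This rule permits outbound TCP to every
#    port in $UNP_ports, not only FTP data ports.
pass out on $EXT inet proto tcp from $EXT to any port $UNP_ports keep state

# "keep state" lets the replies back in despite "block in on $EXT all".
# Other outbound services (DNS, HTTP, ...) need their own pass rules.
```

The file can be syntax-checked without loading it using pfctl -nf <file>, and the loaded rules listed with pfctl -sr.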