On 1 October 2010 15:34, Kevin Wilcox kevin.wil...@gmail.com wrote:
On 1 October 2010 10:16, Daniel Bye
freebsd-questi...@slightlystrange.org wrote:
On Fri, Oct 01, 2010 at 09:40:56AM -0400, Kevin Wilcox wrote:
Krad, I was under the impression that 'audit' from TrustedBSD is built
into
of these probes originated from China. Since I have no
legitimate business dealing with that region, I decided to create a
table in my IPFW firewall to block them. This is an example:
## IPFW Firewall Rules
# Set rules command prefix
cmd=ipfw -q add
# public interface name of NIC facing
On Thu, 30 Sep 2010, Ian Smith wrote:
countries are long gone. For some scientific (and policy) rationale of
the increasingly fragmented nature of new allocations down to /22 (ie 64
IP addresses) have a look at http://www.potaroo.net/tools/ipv4/
Oops; a /22 allocation is of course 4
Hi,
We are in the process to replace two Cisco Pix firewalls and one Cisco
router with two servers running PF with carp. The network is large
(it is an University) and all will depend on this two machines.
We have made some tests with OpenBSD, PF and OpenBGPD and it looks to
work (but we have to
firewall to block them. This is an example:
## IPFW Firewall Rules
# Set rules command prefix
cmd=ipfw -q add
# public interface name of NIC facing the public Internet
pif=nfe0
# Lets start by listing known bad IP addresses and blocking them. We
# will put them into a table for easier handling
decided to create a
table in my IPFW firewall to block them. This is an example:
## IPFW Firewall Rules
# Set rules command prefix
cmd=ipfw -q add
# public interface name of NIC facing the public Internet
pif=nfe0
# Lets start by listing known bad IP addresses and blocking them. We
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 18/04/2010 01:21:44, Fbsd1 wrote:
Just where do jails fall in reference to the host firewall?
Do jails see the inbound packets before the host's firewall does?
No. The host firewall handles all of the incoming traffic before it
gets to the jail
Just where do jails fall in reference to the host firewall?
Do jails see the inbound packets before the host's firewall does?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe
Bob Hall wrote:
I use
onet=`ifconfig rl0 | grep inet | awk '{print $6}'`
where rl0 is the outward facing NIC on this gateway.
Thanks. But I think I like a method which allows me to get the
device names also, to allow a 'hands-off' configuring of the fw.
I'll keep your code for
Is there a proper way to reset firewall rules in
FreeBSD8.0 ? I just discovered that if one is remotely logged
in and makes a change in the firewall rules, it is a disastor to
do something like
sh /etc/[firewall_rules_script]
One could do that in FreeBSD6.x. When the rules
of the question is:
If one modifies the firewall rules and wants to make sure they
are good, is there a more correct way to safely reload them from
the script?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd
Mark writes:
You could use nohup
That's is a very good idea.
Thanks.
Martin McCormick
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
Martin McCormick mar...@dc.cis.okstate.edu writes:
Is there a proper way to reset firewall rules in
FreeBSD8.0 ? I just discovered that if one is remotely logged
in and makes a change in the firewall rules, it is a disastor to
do something like
sh /etc/[firewall_rules_script
a controlling
terminal and completes.
The only remaining part of the question is:
If one modifies the firewall rules and wants to make sure they
are good, is there a more correct way to safely reload them from
the script?
One possible approach might be to make a copy of your rules, edit
In the example firewall rule set in rc.firewall, there are
the following lines:
# set these to your outside interface network
oif=$firewall_simple_oif
onet=$firewall_simple_onet
# set these to your inside interface network
iif=$firewall_simple_iif
inet=$firewall_simple_inet
Can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 30/03/2010 13:52:57, Walter wrote:
In the example firewall rule set in rc.firewall, there are
the following lines:
# set these to your outside interface network
oif=$firewall_simple_oif
onet=$firewall_simple_onet
# set these to your
On Tue, Mar 30, 2010 at 07:52:57AM -0500, Walter wrote:
Can these be set by the system automatically? Specifically
$firewall_simple_onet?
I use
onet=`ifconfig if | grep inet | awk '{print $6}'`
where if is rl0 or em0 or whatever the outward facing interface is for
your system.
Matthew Seaman wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Can these be set by the system automatically? Specifically
$firewall_simple_onet?
If you switch to using PF rather than IPFW, this is very easy.
In a PF ruleset, the name of an interface is expanded to a list of all
On Tue, Mar 30, 2010 at 04:17:22PM -0500, Walter wrote:
Can these be set by the system automatically? Specifically
$firewall_simple_onet?
My first response never showed up. Second try.
I use
onet=`ifconfig rl0 | grep inet | awk '{print $6}'`
where rl0 is the outward facing NIC on
Thank you all for your help.
Two for PF and one for IPFILTER - I'll have to do some math now :)
All best, Iv
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
We will be running a web server -
- FreeBSD 8.x
- Apache 2.x
- php 5.x
- PostgreSQL 8.x
- Postfix 2.x
- The server will run nearly 98% of the time below 25% load (no high
performance firewall is needed).
- Access to the server will be done only via ssh w/ key (there will be no
public ftp, etc
Hello,
- Original Message
From: Iv Ray po...@verysmall.org
To: freebsd-questions@freebsd.org
Sent: Fri, February 5, 2010 11:24:52 PM
Subject: best firewall for a web server
We will be running a web server -
- FreeBSD 8.x
- Apache 2.x
- php 5.x
- PostgreSQL 8.x
- Postfix 2
Iv Ray wrote:
We will be running a web server -
- FreeBSD 8.x
- Apache 2.x
- php 5.x
- PostgreSQL 8.x
- Postfix 2.x
- The server will run nearly 98% of the time below 25% load (no high
performance firewall is needed).
- Access to the server will be done only via ssh w/ key
I'd like to receive the firewall logs together
with the usual /etc/periodic/daily email.
What's the easiest/safest way to achieve this?
Shall I add my own script under /etc/periodic/daily?
Shall I modify an existing script, e.g. 310.accounting?
Please advise
many thanks
--
Anton Shterenlikht
Anton Shterenlikht wrote:
I'd like to receive the firewall logs together
with the usual /etc/periodic/daily email.
What's the easiest/safest way to achieve this?
Shall I add my own script under /etc/periodic/daily?
Shall I modify an existing script, e.g. 310.accounting?
Sure -- you can add
If I have em0 and em1 comprising lagg0 which interface would I apply
PF inbound rules on?
Thanks.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
Paul Halliday wrote:
If I have em0 and em1 comprising lagg0 which interface would I apply
PF inbound rules on?
lagg0
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP:
Want to allow the bitlord progran to pass through my firewall. Does
anyone know the port numbers it uses for out bound and inbound packets.
Thanks
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd
2009/12/8 Fbsd1 fb...@a1poweruser.com:
Want to allow the bitlord progran to pass through my firewall. Does anyone
know the port numbers it uses for out bound and inbound packets.
Thanks
Why don't you look on the BitLord website? Or better, use a more
neighbourly program, that isn't adware
Thanks to all
--
Guy
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
than recompiling the whole world into my jails.
The other point a bit confusing is that I dont know which firewall to
use. My first guess would be to use pf, because it exists also on
openbsd, but it seems that the default would go to ipfw.
Thanks to support a newby
--
Guy
point a bit confusing is that I dont know which firewall to
use. My first guess would be to use pf, because it exists also on
openbsd, but it seems that the default would go to ipfw.
I am using pf too. It is a matter of preference and features needed. I
suggest you read the Handbook chapter
any available
packages. This is functionality that is currently missing from portmaster
but portmaster's author is soliciting donations to support himself while
he spends some quality time implementing it.
The other point a bit confusing is that I dont know which firewall to
use. My first guess
care of by freebsd-update binary
patching. You still need the make buildworld step, so you don't really
gain much.
The other point a bit confusing is that I dont know which firewall to
use. My first guess would be to use pf, because it exists also on
openbsd, but it seems that the default
On 10/31/09, phantomcircuit phantomcirc...@covertinferno.org wrote:
freebsd-update works fine in a jail so long as you symlink the kernel
file to /dev/null
I've never needed to do that. I run lots of jails and i just run
freebsd-update like normal. I don't install the kern sets in the jails
Hi,
I'm runing 7.2 with IPFilter - main purpose is for a news server.
Many established connections are just dropped and closed, it seems to
be random, all allow rules are being affected. Any insight would be
appreciated. The machine is under heavy usage, averaging arround 150
to 200
I'm guessing you have kernel tuning issues that have nothing to do with
the firewall.
http://www.freebsd.org/doc/en/books/handbook/configtuning-kernel-limits.html
ckn...@savage.za.org wrote:
Hi,
I'm runing 7.2 with IPFilter - main purpose is for a news server.
Many established connections
Gene f...@bomgardner.net wrote:
On Tue, 6 Oct 2009 11:05:19 -0700, Chris Cowart wrote
Gene wrote:
I'm running 7.2 GENERIC and installed the unrealirc port. I've started
it up
and can connect from localhost just fine. But when attempting to connect
from
the outside
Hi-
I'm running 7.2 GENERIC and installed the unrealirc port. I've started it up
and can connect from localhost just fine. But when attempting to connect from
the outside world (eg. from another box on the lan) I get connection refused.
I've tried both with and without ipfilter running (with
Gene wrote:
I'm running 7.2 GENERIC and installed the unrealirc port. I've started it up
and can connect from localhost just fine. But when attempting to connect from
the outside world (eg. from another box on the lan) I get connection refused.
I've tried both with and without ipfilter
On Tue, 6 Oct 2009 11:05:19 -0700, Chris Cowart wrote
Gene wrote:
I'm running 7.2 GENERIC and installed the unrealirc port. I've started it
up
and can connect from localhost just fine. But when attempting to connect
from
the outside world (eg. from another box on the lan) I get
of
accomplishing the same thing? I don't actually want the firewall to
consider itself the final destination for any of the additional IPs,
it just needs to pass them to pf for nat and filtering.
Assuming your assigned network is 192.0.2.24/29:
ipv4_addrs_vr0=192.0.2.25-30
See rc.conf(5
, is there a more efficient way of
accomplishing the same thing? I don't actually want the firewall to
consider itself the final destination for any of the additional IPs,
it just needs to pass them to pf for nat and filtering.
Assuming your assigned network is 192.0.2.24/29:
ipv4_addrs_vr0=192.0.2.25-30
Hello all,
A quick question - I have a /29 block of IPs that needs to be handled
by a firewall I'm setting up. Two addresses are lost to broadcast and
network, one is the ISP gateway, so we end up with 5 usable IPs that
can be assigned to the external interface. The question is how to do
Maxim Khitrov wrote:
Am I correct in assuming that I just need to add four
ifconfig_vr0_alias[0-3] lines to rc.conf? What happens if in the
future we get a much bigger IP block, is there a more efficient way of
accomplishing the same thing? I don't actually want the firewall to
consider itself
Maxim Khitrov wrote:
Hello all,
A quick question - I have a /29 block of IPs that needs to be handled
by a firewall I'm setting up. Two addresses are lost to broadcast and
network, one is the ISP gateway, so we end up with 5 usable IPs that
can be assigned to the external interface
Hello all,
I have inherited the job of maintaining a FreeBSD firewall that sits behind
an ADSL line that connects 128 clients to the internet. I have not used
FreeBSD before but have some linux experience. The connections must be
always on though I am allowed to reboot if absolutely necessary
Tamar Lea wrote:
Hello all,
I have inherited the job of maintaining a FreeBSD firewall that sits behind
an ADSL line that connects 128 clients to the internet. I have not used
FreeBSD before but have some linux experience. The connections must be
always on though I am allowed to reboot
On Mon, May 4, 2009 at 6:33 PM, Tamar Lea tamar...@gmail.com wrote:
Hello all,
I have inherited the job of maintaining a FreeBSD firewall that sits behind
an ADSL line that connects 128 clients to the internet. I have not used
FreeBSD before but have some linux experience. The connections
Hi,
You were right it had to do my topology. The firewall is working correctly
now.
Thanks again for all you help
On Thu, Mar 26, 2009 at 8:07 PM, Eric Magutu emag...@gmail.com wrote:
Hi Micheal,
I was trying to simulate the conditions of the server on a test machine.
I'm pretty sure now I
Hi everyone,
Thanks for all your input so far. I have tried to implement all you
suggestions but have gotten stuck. I set up a test machine in the office
with the ip 10.0.0.110 and encountered the following problems:
when I enables antispoofing the firewall didn't work
when I tried allowing
for in your rules below. You'll have to have
pass/block rules for both. It looks like this:
172.16.0.0/16 - le0 firewall - (some other interface) - 10.0.0.0
Could you tell me if that is correct?
Thanks,
Mike
- Original Message Snipped -
Thanks for all your input so far. I have tried
between two subnets. That would suggest you have two
interfaces and, if so, both need to be accounted for in your rules below.
You'll have to have pass/block rules for both. It looks like this:
172.16.0.0/16 - le0 firewall - (some other interface) - 10.0.0.0
Could you tell me if that is correct
Also, it would be a good ideea to go through the pf manual at least once.
I don't see any scrub or options or timeout periods (fine tunning).
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To
I forgot to mention...
You have something like
pass in/out on lo0
that's not wrong but it's not the way to do it
set skip on lo0 # is the right way
___
freebsd-questions@freebsd.org mailing list
I also forgot to mention:
You should probably log your block rule so that you can see what's going on if
things don't work as expected.
So:
block in log on $ext_if
Note the lack of quick as well, as previously mentioned.
With logging enabled, provided you have pflog running (which you
Hi,
I'm trying to reconfigure and recompile my kernel to use a ipv6 firewall.
So far I added this to the kernel (from http://techie.devnull.cz/ipv6/ipfw2-
ipv6-dummynet/) :
# IPFW2
options IPFW2
options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
options
to enable the ALTQ features.
It's equivalent to IPFW's dummynet but there are subtle differences in the
way it operates that may or may not be a show stopper for you.
So what option(s) do I need to use a ipv6 firewall in my kernel ?
Same as you need for either pf or ipfw with IPv4 -- in fact, you
Olivier Nicole wrote:
I need to implement a firewall with bridged interfaces that offers
captive portal (authentication before opening the traffic).
We are using a combination of squid+ipfw. Although we are NATing the
users, that really just introduces needless complexity that could
/bin/bash only if you're intentionally
using BASH specifig functionalities that SH doesn't include.
May save you lots of headache.
2. short of a reboot how do you start stop and restart the firewall
You can use ipfw's rc.d script:
# /etc/rc.d/ipfw start
# /etc/rc.d/ipfw stop
the
Sendmail Access file but all that did was choak up the server with moronic
shit. And i want to be able to use my sftp program but it opens random
ports which can not be controlled so i need the Clearaddresses to be able
to see all ports.
For the firewall, pf user here, so others should help
G magicman wrote:
1. I need help to reconfigure my firewall on the server using BSD's ipfw
What part do you need to reconfigure?
2. short of a reboot how do you start stop and restart the firewall
Very, very carefully. Until I gained some extensive experience with
IPFW, I would wrap
Thank you for your help on this
Garrett
--- On Fri, 12/5/08, Mel [EMAIL PROTECTED] wrote:
From: Mel [EMAIL PROTECTED]
Subject: Re: IPFW Firewall Question
To: freebsd-questions@freebsd.org, [EMAIL PROTECTED]
Date: Friday, December 5, 2008, 6:02 AM
On Friday 05 December 2008 01:26:04 G magicman
1. I need help to reconfigure my firewall on the server using BSD's ipfw
here is part of the configuration file so far that the Co-lo people put in.
2. short of a reboot how do you start stop and restart the firewall
#!/usr/local/bin/bash
export IPF=ipfw -q add
ports=11 21 22 23 25 37 42
Olivier Nicole wrote:
I need to implement a firewall with bridged interfaces that offers
captive portal (authentication before opening the traffic).
[...]
Is there any solution that exists?
I looked at pfSense, but captive portal does not work on bridged
interfaces; it's one or the other
Hi Chris,
I need to implement a firewall with bridged interfaces that offers
captive portal (authentication before opening the traffic).
We are using a combination of squid+ipfw. Although we are NATing the
users, that really just introduces needless complexity that could be
avoided
Olivier Nicole wrote:
Hi Chris,
I need to implement a firewall with bridged interfaces that offers
captive portal (authentication before opening the traffic).
We are using a combination of squid+ipfw. Although we are NATing the
users, that really just introduces needless complexity that could
Hi,
I need to implement a firewall with bridged interfaces that offers
captive portal (authentication before opening the traffic).
I need bridged intefaces because we are a Computer Science department
and we sometime have traffic other than plain IP, need multicast,
IPv6, etc, so bridged
On Thu, 27 Nov 2008 12:07:50 +0100 (CET)
Wojciech Puchar [EMAIL PROTECTED] wrote:
Yeah. Limewire is written in Java (iirc), which makes it extremely
easy to port it to any system that can run java.
for P2P sharing rtorrent (/usr/ports/net-p2p/rtorrent) works excellent
if you only want
On Wed, 26 Nov 2008 23:25:21 -0600
Andrew Gould [EMAIL PROTECTED] wrote:
The Limewire website says it has versions for Windows, Mac OS X, Linux and
others, including OS/2 and Solaris.
furthermore, you can just download the source and make it run from within
Eclipse (with some tweaks regarding
because historically ISPs used those ports for throttling.
+1 . skype does the same thing. and it's p2p too , although a lot less so
than limewire.
well ther are excellent method to block skype when using HTTP proxy not
NAT ;) (skype can do through proxy)
Yeah. Limewire is written in Java (iirc), which makes it extremely
easy to port it to any system that can run java.
for P2P sharing rtorrent (/usr/ports/net-p2p/rtorrent) works excellent
___
freebsd-questions@freebsd.org mailing list
on program name that started the conversation.
I thought i read in openbsd pf manual that pf state processing will
allow applications like limewire to function normally by accepting the
inbound high number port to pass through the firewall.
I have inclusive firewall rule set which means only
a rule option to
allow packs in/out based on program name that started the
conversation.
I thought i read in openbsd pf manual that pf state processing will
allow applications like limewire to function normally by accepting
the inbound high number port to pass through the firewall.
I have
On Wed, 26 Nov 2008 21:40:27 +0800
Fbsd1 [EMAIL PROTECTED] wrote:
I have inclusive firewall rule set which means only packets matching
the rules are passed through. The inbound hight port numbers are
blocked by design.
How do other firewall users code rules to allow limewire to work?
I
On Wed, Nov 26, 2008 at 8:13 AM, [EMAIL PROTECTED] wrote:
Hmmm. Isn't life interesting. I would like to know how to block them and
others without causing strange secondary problems.
Actually a default pf configuration will let them pass unless I'm
forgetting something important.
ed
I
Andrew Gould [EMAIL PROTECTED] escribió:
On Wed, Nov 26, 2008 at 8:13 AM, [EMAIL PROTECTED] wrote:
Hmmm. Isn't life interesting. I would like to know how to block them and
others without causing strange secondary problems.
Actually a default pf configuration will let them pass unless I'm
sorry for asking but what are this limewire programs are?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
On Wed, Nov 26, 2008 at 10:42 AM, Wojciech Puchar
[EMAIL PROTECTED] wrote:
sorry for asking but what are this limewire programs are?
My unofficial take on it is that limewire is a peer-to-peer sharing
application used by Windows, Mac OS X and Linux users to share files,
usually music, often
[EMAIL PROTECTED] writes:
Andrew Gould [EMAIL PROTECTED] escribió:
On Wed, Nov 26, 2008 at 8:13 AM, [EMAIL PROTECTED] wrote:
Hmmm. Isn't life interesting. I would like to know how to block them and
others without causing strange secondary problems.
Actually a default pf configuration
On Wed, 26 Nov 2008 10:54:43 -0600
Andrew Gould [EMAIL PROTECTED] wrote:
On Wed, Nov 26, 2008 at 10:42 AM, Wojciech Puchar
[EMAIL PROTECTED] wrote:
sorry for asking but what are this limewire programs are?
My unofficial take on it is that limewire is a peer-to-peer sharing
On Wed, 26 Nov 2008 10:54:43 -0600
Andrew Gould [EMAIL PROTECTED] wrote:
On Wed, Nov 26, 2008 at 10:42 AM, Wojciech Puchar
[EMAIL PROTECTED] wrote:
sorry for asking but what are this limewire programs are?
My unofficial take on it is that limewire is a peer-to-peer sharing
dick hoogendijk wrote:
I know, I'm cynical here, but limewire is not all bad!
...and, BTW, Limewire port is readily available for FreeBSD:
http://cvsweb.freebsd.org/ports/net-p2p/limewire
LimeWire is a fast, easy-to-use file sharing program that contains no
spyware, adware or other
My unofficial take on it is that limewire is a peer-to-peer sharing
application used by Windows, Mac OS X and Linux users to share files,
usually music, often copyrighted, over the internet. It is one of the
fastest, most effective ways to spread viruses, trojans, spyware, etc.
that's my
When people ask my advice about computers, I always include: Never use
Limewire, or anything like it.
just downloading/sharing files allows you to download viruses, but it's
up to you to run them.
well unless P2P program is really broken, or you are sharing executables.
for sharing movies,
dick hoogendijk wrote:
My unofficial take on it is that limewire is a peer-to-peer sharing
application used by Windows, Mac OS X and Linux users to share files,
usually music, often copyrighted, over the internet. It is one of the
fastest, most effective ways to spread viruses, trojans,
On Wed, 26 Nov 2008 09:28:49 -0600
Andrew Gould [EMAIL PROTECTED] wrote:
When the last culprit get's his computer back, he
will find it running an operating system that is not supported by Limewire.
DOS 6.0 ? :P it's java...
The next time, he'll get it back without a network card.
ouch,
On Wed, 26 Nov 2008 18:52:16 +
RW [EMAIL PROTECTED] wrote:
[..]
It is one of the
fastest, most effective ways to spread viruses, trojans, spyware, etc.
The program does not use fixed ports, so the services are hard to
block. In essence, the program gets the user to bypass
Fbsd1 wrote:
[snip]
Limewire is a windows only application.
So how can you say it runs on solaris which is a flavor Unix?
Limewire is a Java program. It will run on any platform which has a
working Java run time environment installed. It is definitely not
Windows only.
-Jason
On Wed, 26 Nov 2008 21:40:27 +0800
Fbsd1 [EMAIL PROTECTED] wrote:
I have inclusive firewall rule set which means only packets matching
the rules are passed through. The inbound hight port numbers are
blocked by design.
How do other firewall users code rules to allow limewire to work?
Hi,
i
On Wed, Nov 26, 2008 at 6:40 PM, Fbsd1 [EMAIL PROTECTED] wrote:
dick hoogendijk wrote:
My unofficial take on it is that limewire is a peer-to-peer sharing
application used by Windows, Mac OS X and Linux users to share files,
usually music, often copyrighted, over the internet. It is one
On Thu, Nov 27, 2008 at 12:25 AM, Andrew Gould
[EMAIL PROTECTED] wrote:
On Wed, Nov 26, 2008 at 6:40 PM, Fbsd1 [EMAIL PROTECTED] wrote:
dick hoogendijk wrote:
My unofficial take on it is that limewire is a peer-to-peer sharing
application used by Windows, Mac OS X and Linux users to share
the
time to read all of your reply in detail.
The answer is: enable outgoing tcp connections to port 21 and to all
ports above 1023.
Is there a way to set up any firewall so that while there is an active
outgoing connection on port 21, allow any incoming connections from the
same IP address
Hello Jeremy:
On 10/6/08 9:30 PM, Jeremy Chadwick [EMAIL PROTECTED] wrote:
On Mon, Oct 06, 2008 at 06:08:50PM -0700, Michael K. Smith - Adhost wrote:
Hello All:
We have a load balanced pair of PF boxes sitting in front of a whole bunch of
server doing all manner of things! It's been
from mirrors? I'm trying to figure out the smallest number of ports
(the TCP/IP kind) that I need to open in my firewall. I don't want to
enable incoming FTP requests, but do want to allow outgoing ftp
requests, I believe.
Am I on the right track, here?
Thanks: John
I correct in guessing that ports uses FTP to grab source files from
mirrors? I'm trying to figure out the smallest number of ports (the
TCP/IP kind) that I need to open in my firewall. I don't want to enable
incoming FTP requests, but do want to allow outgoing ftp requests, I
believe.
Am I
collection.) I have to disable PF to do so.
Obviously not a great solution.
Am I correct in guessing that ports uses FTP to grab source files
from mirrors? I'm trying to figure out the smallest number of ports
(the TCP/IP kind) that I need to open in my firewall. I don't want
to enable
) that I need to open in my firewall. I don't want
to enable incoming FTP requests, but do want to allow outgoing ftp
requests, I believe.
Am I on the right track, here?
See the fetch(1) man page. Try this first:
sh/bash: export FTP_PASSIVE_MODE=true
csh: setenv
problem: I can no longer install software with ports (i.e, the /usr/ports
collection.) I have to disable PF to do so. Obviously not a great solution.
Am I correct in guessing that ports uses FTP to grab source files from
FTP or HTTP.
if you have http proxy like squid in your network do
of ports
(the TCP/IP kind) that I need to open in my firewall. I don't want
to enable incoming FTP requests, but do want to allow outgoing ftp
requests, I believe.
Am I on the right track, here?
See the fetch(1) man page. Try this first:
sh/bash: export FTP_PASSIVE_MODE=true
csh: setenv
101 - 200 of 1122 matches
Mail list logo