Hi, I have an IPFILTER firewall that, ideally, should not allow any arbitrary outgoing connections. So right now, I only allow 25, 80 and 21. The machine itself is behind one more firewall (at least temporarily) so that I can't do active ftp even if the IPFILTER does any kind of proxying.
Is there a way to allow passive *outgoing* ftp via IPFILTER? I have tried using dummy IPNAT via

    map 0.0.0.0/0 -> 0.0.0.0/32 proxy port ftp ftp/tcp

(after enabling ipnat_enable=yes in /etc/rc.conf). That didn't work either. The docs I read didn't make it clear if the IPFILTER's proxy is trying to proxy an ftp server behind a firewall or an ftp client behind a firewall. In my case I am not running any ftp service. I am merely just trying to get an ftp client to work.

So short of

    pass out quick on fxp0 proto tcp any to any

is there a way I can make IPFILTER temporarily enable a 'destination' port based on the current ftp session? I would be the only one using ftp from this machine, so even if I could force the ftp-server (probably not, since I am only a remote client) to use a pre-set port on its end for passive ftp connections, even that is fine.

BTW, if ipfw or ipchains or any such alternatives can do this, I am also ready to switch to that firewall setup.

--
Hari Bhaskaran
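Added example, not part of the original post: in passive mode the server announces the data port in its 227 reply on the control connection, which is what any FTP-aware helper has to read before a per-session 'destination' port can be opened. The sketch below parses that reply, rejects a data address that differs from the control peer, and builds a single-host, single-port IPFILTER rule; fxp0 is from the post, while the function names, the sample reply and the 192.0.2.10 address are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 passive reply: 227 ... (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_pasv(reply, control_peer):
    """Return (ip, port) announced in a 227 reply, or raise ValueError.

    control_peer is the server address on the control connection; a reply
    pointing anywhere else is rejected so the firewall is never opened
    toward a third host.
    """
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive reply")
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # data port = p1*256 + p2
    if ip != ipaddress.IPv4Address(control_peer):
        raise ValueError("data address differs from control peer")
    if port < 1024:
        raise ValueError("refusing privileged data port")
    return str(ip), port


def ipf_rule(reply, control_peer, iface="fxp0"):
    """Build a one-off outbound rule scoped to this session's data port."""
    ip, port = parse_pasv(reply, control_peer)
    return ("pass out quick on %s proto tcp from any to %s/32 port = %d "
            "flags S keep state" % (iface, ip, port))


if __name__ == "__main__":
    # Constructed sample reply: 195*256 + 149 = 50069
    sample = "227 Entering Passive Mode (192,0,2,10,195,149)."
    print(ipf_rule(sample, "192.0.2.10"))
```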