> OK.... I understood the mechanics....
> but I still haven't understood the solution...
you have several ways to do it:
in man natd you will find
-punch_fw basenumber:count
This option directs natd to ``punch holes'' in an
ipfirewall(4) based firewall for FTP/IRC DCC connections.
This is done dynamically by installing temporary firewall
rules which allow a particular connection (and only that
connection) to go through the firewall. The rules are removed
once the corresponding connection terminates.
A maximum of count rules starting from the rule number
basenumber will be used for punching firewall holes. The
range will be cleared for all rules on startup.
you can also restrict FTP to active mode only,
allowing access only to ports 20 and 21, keeping in mind that the direction of the
connection on port 20 is the reverse of the one on port 21
you can enable dynamic rules with ipfw
in man ipfw you will find
check-state
Checks the packet against the dynamic ruleset. If a match is
found, execute the action associated with the rule which generated
this dynamic rule, otherwise move to the next rule.
Check-state rules do not have a body. If no check-state rule is
found, the dynamic ruleset is checked at the first keep-state or
limit rule.
or simply allow connections between ports 1024 and 65500 from the internal network to the
internet
ipfw add allow tcp from $sua_rede to any out setup
Regards,
Marcello Silva Coutinho
ps: I recommend reading the book "Construindo Firewalls para a Internet,
Segunda edição" from O'Reilly.
http://superdownloads.ubbi.com.br/materias/20010406,67,1.html
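Added example, not from this message or from FreeBSD: a small sh/awk lint that checks an ipfw rule file against the two constraints quoted above from natd(8) and ipfw(8), namely that the -punch_fw range is cleared when natd starts (so no static rule may live there) and that check-state must come before the first keep-state or limit rule. NATD_FLAGS, the interface fxp0 and the two sample rulesets are constructed placeholders.

```sh
# Lint an ipfw ruleset against two constraints from natd(8) and ipfw(8):
#  1. natd -punch_fw basenumber:count clears that rule range on startup,
#     so no static rule may use a number inside it;
#  2. dynamic rules are consulted where check-state sits, so check-state
#     must precede the first keep-state or limit rule.
# NATD_FLAGS and both sample rulesets below are constructed placeholders.

# Print "basenumber count" from a natd flag string, nothing if no -punch_fw.
punch_range() {
    printf '%s\n' "$1" | sed -n 's/.*-punch_fw \([0-9][0-9]*\):\([0-9][0-9]*\).*/\1 \2/p'
}

# lint_ruleset <natd flags>; rules on stdin, one finding per line, exit 1 if any.
lint_ruleset() {
    range=$(punch_range "$1")
    base=${range%% *}; count=${range#* }
    awk -v base="${base:-0}" -v count="${count:-0}" '
    {
        o = ($1 == "ipfw") ? 1 : 0                  # accept "ipfw add ..." as well as "add ..."
        if ($(1 + o) != "add") next
        if ($(2 + o) ~ /^[0-9]+$/) { n = $(2 + o) + 0; first = 3 + o }
        else { n = "auto"; first = 2 + o }          # ipfw numbers the rule itself
        if (n != "auto" && count > 0 && n >= base && n < base + count) {
            print "line " NR ": rule " n " is inside the -punch_fw range " base "-" (base + count - 1)
            bad = 1
        }
        if ($first == "check-state") seen_cs = 1
        for (i = first; i <= NF; i++)
            if (($i == "keep-state" || $i == "limit") && !seen_cs && !warned) {
                print "line " NR ": " $i " rule before any check-state"
                warned = 1; bad = 1
            }
    }
    END { exit bad + 0 }'
}

NATD_FLAGS="-interface fxp0 -punch_fw 2000:50"     # assumed natd_flags for rc.conf
sample_bad() {                                       # violates both constraints
    printf '%s\n' 'add 100 divert 8668 ip from any to any via fxp0' \
        'ipfw add 2010 allow tcp from any to any out via fxp0 setup keep-state' \
        'add 3000 check-state' 'add 65000 deny ip from any to any'
}
sample_good() {                                      # check-state first, nothing in 2000-2049
    printf '%s\n' 'add 100 divert 8668 ip from any to any via fxp0' \
        'add 200 check-state' \
        'add 300 allow tcp from any to any 21 out via fxp0 setup keep-state' \
        'add 65000 deny ip from any to any'
}
sample_bad  | lint_ruleset "$NATD_FLAGS" || echo "sample_bad rejected"
sample_good | lint_ruleset "$NATD_FLAGS" && echo "sample_good accepted"
```

Feed your own /etc/ipfw.rules to lint_ruleset with the natd_flags you use in rc.conf before loading it.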
_______________________________________________________________
Leave the list: http://www2.fugspbr.org/mailman/listinfo/fugspbr
Archive: http://www4.fugspbr.org/lista/html/FUG-BR/