Firewalls, filtering, ipfw, and FTP clients

One of the problems I had with my filtering was the inability to get FTP running. But I wasn’t stopping any FTP protocols with my rules, so I couldn’t figure it out.

You should also read the firewall section of the handbook.

How do you enable the firewall?

ipfw allows you to control the IP traffic coming in and out of your machine. Basically, it’s a tool which can be used to set up a firewall between your subnet and the rest of the world. You can block certain things, allow others, or allow protocols only from known addresses. For more information on firewalls, check out the firewall section in the FreeBSD Handbook.

I implemented the simple firewall by setting the following line in /etc/rc.conf:


Please note that the above are case sensitive.

The firewall rules

Then you must tell the firewall what the topology looks like. I did this by putting the following into /etc/rc.firewall in the simple section. Please note that these numbers are imaginary and will not work for you. Please change to your own IP as assigned by your ISP and change to the IP address you have assigned to your gateway machine.

# set these to your outside interface network and netmask and ip

# set these to your inside interface network and netmask and ip

I also found that I had to disable some of the default rules. But I’ll detail those rules at a later date.

If you’re using natd, you might want to add the following to the end of /etc/rc.firewall. But please note that with 2.2.8, these statements were included with rc.firewall and will not be necessary.

$fwcmd add divert natd all from any to any via ${oif}
$fwcmd add pass all from any to any

After getting the above going, I found that FTP did not work. Strange. There’s nothing in the rules that prevents FTP. I gave up and used the open firewall instead. From time to time, I played with the rules, trying to figure out why it wasn’t working.

11 July 1998 – The FTP Solution

I figured it out. I decided to try the default ftp client that comes with NT. It worked. I got it. No problems. Then I tried CuteFTP, a Windows-based client. It didn’t work. Then I thought about the firewall settings. I used the menu to go to FTP->Settings->Options. Once there, I went to the Firewall tab and set the following information:

Host:                   MyHost
Type:                   PASV
Enable firewall access: ticked

MyHost is my gateway machine, which is my FreeBSD box. You can enter the name of the box or the IP address.

And it worked. I’m not sure of the reasons why, but it does. I discovered this information at the CuteFTP site but I’m sure similar options exist for other FTP clients.
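Why the PASV setting matters: in active mode the client sends a PORT command and the server opens the data connection back to the client, while in passive mode the server's 227 reply names a port and the client opens the data connection itself, so a gateway that only admits connections initiated from inside lets the second through. The following is an added example, not code from the original post; it decodes both forms and checks them against a deliberately simplified model of such a gateway. The addresses, the inside network and the two control-channel lines are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample values (assumed, not taken from the page): an inside client behind
# the gateway, an outside FTP server, and one control-channel line for each mode.
CLIENT_IP, SERVER_IP = "192.168.1.10", "203.0.113.5"
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")
PORT_CMD = "PORT 192,168,1,10,4,1"                               # active: client names its own address/port
PASV_REPLY = "227 Entering Passive Mode (203,0,113,5,195,80)."   # passive: server names a port to connect to

_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(line):
    """Decode the h1,h2,h3,h4,p1,p2 tuple shared by the PORT command and the 227 reply."""
    m = _TUPLE.search(line)
    if m is None:
        raise ValueError("no address tuple in %r" % line)
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        raise ValueError("field out of range in %r" % line)
    return ".".join(str(x) for x in n[:4]), n[4] * 256 + n[5]


def data_connection(line, client_ip, server_ip):
    """Return (initiator_ip, target_ip, target_port) for the data channel this line sets up."""
    if line.upper().startswith("PORT "):
        ip, port = parse_hostport(line)      # the server will connect to this address/port
        return server_ip, ip, port
    if line.startswith("227 "):
        ip, port = parse_hostport(line)      # the client will connect to this address/port
        return client_ip, ip, port
    raise ValueError("line does not negotiate a data channel: %r" % line)


def gateway_verdict(line, client_ip, server_ip, inside_net):
    """Simplified model of a gateway that only permits TCP connections initiated from inside.

    It ignores natd's handling of the PORT command and any per-port exceptions in a real
    rule set; it only answers which side would have to open the data connection.
    """
    initiator, target, port = data_connection(line, client_ip, server_ip)
    if ipaddress.ip_address(initiator) not in inside_net:
        return "deny: %s would open the data connection to %s:%d from outside" % (initiator, target, port)
    return "allow: %s opens the data connection to %s:%d from inside" % (initiator, target, port)


if __name__ == "__main__":
    for line in (PORT_CMD, PASV_REPLY):
        print(line, "->", gateway_verdict(line, CLIENT_IP, SERVER_IP, INSIDE_NET))
```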
