Discussion:
dynamic ftp rule
Sandwich Maker
2011-08-05 18:29:32 UTC
solaris 8, ipf 3.4.35.

is it possible to construct a rule which allows incoming port 20
[ftp-data] -only- when an outgoing port 21 [ftp] connection is active?
anyone have an example?
________________________________________________________________________
Andrew Hay the genius nature
internet rambler is to see what all have seen
***@an.bradford.ma.us and think what none thought
Darren Reed
2011-08-06 00:17:15 UTC
Post by Sandwich Maker
> solaris 8, ipf 3.4.35.
> is it possible to construct a rule which allows incoming port 20
> [ftp-data] -only- when an outgoing port 21 [ftp] connection is active?
> anyone have an example?

You have to use the NAT proxy.

e.g.

map bge0 0/0 -> 0/32 proxy port ftp ftp/tcp

Darren
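
As an added illustration (not part of the thread and not ipf's code): a simplified Python model of what an FTP-aware proxy does for active mode, watching the outgoing port-21 control channel for PORT commands and admitting an inbound connection from port 20 only to the announced client port. The class name, the addresses and the two sanity checks are assumptions made for the sketch; the address rewriting done on the NAT side is left out.

```python
import re

# PORT h1,h2,h3,h4,p1,p2 (RFC 959): the client tells the server where to connect back.
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")

class FtpPinholeTracker:
    """Toy model of a control-channel-aware filter (hypothetical, not ipf code)."""
    def __init__(self):
        self.control = set()   # (client_ip, server_ip) pairs with an open port-21 session
        self.pinholes = set()  # (server_ip, client_ip, client_port) expected data connections

    def control_open(self, client, server):
        self.control.add((client, server))

    def control_close(self, client, server):
        self.control.discard((client, server))
        # Closing the control session removes every pinhole it created.
        self.pinholes = {p for p in self.pinholes if (p[1], p[0]) != (client, server)}

    def client_line(self, client, server, line):
        """Inspect one client->server control line; return the pinhole opened, or None."""
        m = PORT_RE.match(line)
        if not m or (client, server) not in self.control:
            return None
        octets = [int(g) for g in m.groups()]
        if any(o > 255 for o in octets):
            return None
        ip = ".".join(map(str, octets[:4]))
        port = octets[4] * 256 + octets[5]
        # Assumed checks: the PORT target must be the client itself, on an unprivileged port.
        if ip != client or port < 1024:
            return None
        hole = (server, client, port)
        self.pinholes.add(hole)
        return hole

    def allow_inbound(self, src_ip, src_port, dst_ip, dst_port):
        """An inbound connection passes only from server port 20 to an announced port."""
        hole = (src_ip, dst_ip, dst_port)
        if src_port == 20 and hole in self.pinholes:
            self.pinholes.discard(hole)  # one data connection per PORT command
            return True
        return False

if __name__ == "__main__":
    t = FtpPinholeTracker()  # constructed sample addresses below
    t.control_open("192.168.1.10", "203.0.113.5")
    print(t.client_line("192.168.1.10", "203.0.113.5", "PORT 192,168,1,10,195,80\r\n"))
    print(t.allow_inbound("203.0.113.5", 20, "192.168.1.10", 50000))
```
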
Sandwich Maker
2011-08-10 17:12:14 UTC
" Date: Sat, 06 Aug 2011 01:17:15 +0100
" From: Darren Reed <***@reed.wattle.id.au>
"
" On 5/08/2011 7:29 PM, Sandwich Maker wrote:
" > solaris 8, ipf 3.4.35.
" >
" > is it possible to construct a rule which allows incoming port 20
" > [ftp-data] -only- when an outgoing port 21 [ftp] connection is active?
" > anyone have an example?
"
" You have to use the NAT proxy.
"
" e.g.
"
" map bge0 0/0 -> 0/32 proxy port ftp ftp/tcp

big surprise - worked like a champ.

thanks darren!
________________________________________________________________________
Andrew Hay the genius nature
internet rambler is to see what all have seen
***@an.bradford.ma.us and think what none thought