Currently using FreeBSD 7.2-Release with all ports up to date as my firewall.
I've got Passive & Active ftp working from behind my firewall; however, I had issues using any ftp clients from the firewall itself.
My default rule is to block out all outbound traffic, and to only open certain ports (anything required for work). This means that p2p apps (BBC iPlayer included) are prevented from being used.
After some investigating it struck me that any connections from the firewall box are sent straight out the default gateway, and don't hit the redirect rule in pf.conf. (Duh)
A suggestion on another site advised me to add the following rule to my pf.conf:
    pass out on $ext_if inet proto tcp from any to any port >1023
This allows ftp, but also means that my nice restrictive firewall has a gaping big hole in it.
Excuse my ignorance, but is there any way I can modify this rule that allows traffic from the firewall box out on the WAN, but still restricts traffic from the LAN going out on the WAN?
Many thanks,
John
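One way to answer the question above, as an added example written for this page rather than taken from the thread or from John's actual pf.conf: distinguish the two kinds of traffic with a tag set by the nat rule. The reason a plain source-address match is not enough is that pf evaluates nat before the filter rules on the outbound interface, so a translated LAN connection and a connection opened on the firewall itself both reach `pass out on $ext_if` with the same source address, ($ext_if). A tag applied during translation survives into filtering and tells the two apart. The macro names, the interface and address values, the `LAN_NAT` tag name and the `$work_ports` list are all assumptions standing in for the real configuration.

```pf
# Added example, not the original poster's configuration.
# All macro values below are placeholders and would be replaced with
# the real interface names, LAN prefix and permitted work ports.
ext_if     = "em0"
int_if     = "em1"
int_net    = "192.168.1.0/24"
work_ports = "{ 22, 80, 443 }"

set skip on lo0

# Tag every LAN packet while it is translated. Filter rules on $ext_if see
# the post-NAT source address, so without this tag a LAN connection and a
# connection originated on the firewall both look like "from ($ext_if)".
nat on $ext_if inet from $int_net to any tag LAN_NAT -> ($ext_if)

# Default deny in both directions.
block all

# Let LAN hosts reach the firewall's inside interface so their packets
# get as far as the outbound rules on $ext_if.
pass in on $int_if inet from $int_net to any keep state

# LAN -> WAN: only the work ports, and only for translated (tagged) traffic.
pass out on $ext_if inet proto tcp from ($ext_if) to any port $work_ports tagged LAN_NAT keep state

# Firewall -> WAN: untagged traffic was not translated, so it originated on
# this box. The wide high-port rule needed for passive FTP data connections
# applies only here; LAN traffic never matches it.
pass out on $ext_if inet proto tcp from ($ext_if) to any port 21     ! tagged LAN_NAT keep state
pass out on $ext_if inet proto tcp from ($ext_if) to any port > 1023 ! tagged LAN_NAT keep state
```

The two `pass out` rules are mutually exclusive because one requires the tag and the other requires its absence, so their order relative to each other does not matter under pf's last-match semantics. The high-port rule only covers passive-mode FTP from the firewall; active mode has the server open the data connection inbound to the client, which would still need a matching `pass in on $ext_if` rule, so using passive mode on the firewall's ftp client is the simpler option.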