List: freebsd-ipfw
Subject: Re: Contracted firewall hack
From: Tony Landells <ahl () austclear ! com ! au>
Date: 2000-01-31 21:24:03

> The application in question communicates over TCP port 1500, whence it
> requests a port for parts of the traffic sort of like what FTP does.

So have we--Sterling Commerce's CONNECT:Mailbox, which uses 10020 & 10021.

> We would be willing to pay to have a custom modification to the IPFW
> code which allows us to do this in a sensible manner.

Our sensible manner is:

    cmhost=192.83.119.201/32 # IP address of CONNECT:Mailbox host
    cm_cmd=10021 # CONNECT:Mailbox command channel, like FTP 21
    cm_data=10020 # CONNECT:Mailbox data channel, like FTP 20

    $fwcmd add pass tcp from any to ${cmhost} ${cm_cmd} setup
    $fwcmd add pass tcp from ${cmhost} ${cm_data} to any setup

This follows all the normal stuff to do anti-spoofing, etc. and assumes
that there is a rule that says

    $fwcmd add pass tcp from any to any established

I hope that helps,
Tony
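
Added example, not part of the original message: a dry-run model in sh of how the two "setup" rules and the "established" rule above decide individual TCP packets. The client address, the packet list, the rule labels (pass-cmd, pass-data, pass-established) and the final default deny are assumptions made for the illustration; the /32 mask is dropped so addresses compare as plain strings.

```shell
#!/bin/sh
# Model of the three rules from the message; it does not call ipfw.
cmhost=192.83.119.201   # CONNECT:Mailbox host (from the message, /32 dropped)
cm_cmd=10021            # command channel, like FTP 21
cm_data=10020           # data channel, like FTP 20

# tcp_state FLAGS -> setup | established | other
# ipfw "setup" matches SYN set with ACK clear;
# ipfw "established" matches packets with ACK or RST set.
tcp_state() {
    case $1 in
        *A*|*R*) echo established ;;
        *S*)     echo setup ;;
        *)       echo other ;;
    esac
}

# verdict SRC SPORT DST DPORT FLAGS -> label of the rule that passes it, or "deny"
verdict() {
    state=$(tcp_state "$5")
    if [ "$state" = established ]; then
        echo pass-established      # pass tcp from any to any established
    elif [ "$state" = setup ] && [ "$3" = "$cmhost" ] && [ "$4" = "$cm_cmd" ]; then
        echo pass-cmd              # pass tcp from any to cmhost cm_cmd setup
    elif [ "$state" = setup ] && [ "$1" = "$cmhost" ] && [ "$2" = "$cm_data" ]; then
        echo pass-data             # pass tcp from cmhost cm_data to any setup
    else
        echo deny                  # assumed default deny closing the rule set
    fi
}

# Constructed packets: SRC SPORT DST DPORT FLAGS (S=SYN, A=ACK, R=RST)
client=203.0.113.7
verdict $client 40000 $cmhost $cm_cmd S      # client opens the command channel
verdict $cmhost $cm_cmd $client 40000 SA     # host's SYN+ACK reply
verdict $cmhost $cm_data $client 40001 S     # host opens the data channel
verdict $client 40001 $cmhost $cm_data SA    # client's SYN+ACK reply
verdict $client 40002 $cmhost $cm_data S     # inbound SYN to the data port
verdict $cmhost $cm_data $client 22 S        # data rule leaves the destination port open
```

The last two packets show the scope of the data rule as written: it matches on the host's source port only, so nothing from outside can open a connection to port 10020, while the host may open a connection from 10020 to any destination port.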