
List:       freebsd-ipfw
Subject:    Re: Contracted firewall hack
From:       Tony Landells <ahl () austclear ! com ! au>
Date:       2000-01-31 21:24:03

> The application in question communicates over TCP port 1500, whence it
> requests a port for parts of the traffic sort of like what FTP does.

So have we--Sterling Commerce's CONNECT:Mailbox, which uses 10020 & 10021.

> We would be willing to pay to have a custom modification to the IPFW
> code which allows us to do this in a sensible manner.

Our sensible manner is:

cmhost=192.83.119.201/32	# IP address of CONNECT:Mailbox host
cm_cmd=10021			# CONNECT:Mailbox command channel, like FTP 21
cm_data=10020			# CONNECT:Mailbox data channel, like FTP 20

$fwcmd add pass tcp from any to ${cmhost} ${cm_cmd} setup
$fwcmd add pass tcp from ${cmhost} ${cm_data} to any setup

This follows all the normal stuff to do anti-spoofing, etc. and assumes
that there is a rule that says

$fwcmd add pass tcp from any to any established

I hope that helps,

Tony
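
The three rules quoted in the message, modelled as a first-match packet filter. This is an added example, not part of the original message and not ipfw code. It assumes the rule order shown (the message gives no rule numbers), a default-deny final rule, and a constructed client address, 203.0.113.7.

```python
from ipaddress import ip_address, ip_network

CMHOST = ip_network("192.83.119.201/32")   # from the message
CM_CMD, CM_DATA = 10021, 10020             # from the message
ANY = ip_network("0.0.0.0/0")

# (action, src net, src port or None, dst net, dst port or None, tcp option)
# Order is an assumption: the message does not give rule numbers.
RULES = [
    ("pass", ANY, None, ANY, None, "established"),
    ("pass", ANY, None, CMHOST, CM_CMD, "setup"),
    ("pass", CMHOST, CM_DATA, ANY, None, "setup"),
]

def flag_match(option, flags):
    """ipfw TCP options: 'setup' = SYN without ACK; 'established' = ACK or RST."""
    if option == "setup":
        return "S" in flags and "A" not in flags
    if option == "established":
        return "A" in flags or "R" in flags
    return True

def verdict(src, sport, dst, dport, flags):
    """First matching rule wins; fall through to an assumed default deny."""
    for action, snet, sp, dnet, dp, option in RULES:
        if (ip_address(src) in snet and ip_address(dst) in dnet
                and sp in (None, sport) and dp in (None, dport)
                and flag_match(option, flags)):
            return action
    return "deny"

# Constructed packets; CLIENT is a documentation address standing in for a peer.
CLIENT, HOST = "203.0.113.7", "192.83.119.201"
SAMPLES = [
    ("command SYN", CLIENT, 40000, HOST, CM_CMD, "S"),
    ("command SYN+ACK reply", HOST, CM_CMD, CLIENT, 40000, "SA"),
    ("data SYN from host", HOST, CM_DATA, CLIENT, 40001, "S"),
    ("data ACK back", CLIENT, 40001, HOST, CM_DATA, "A"),
    ("inbound SYN to data port", CLIENT, 40002, HOST, CM_DATA, "S"),
    ("host SYN from other port", HOST, 50000, CLIENT, 40001, "S"),
]

if __name__ == "__main__":
    for name, *pkt in SAMPLES:
        print(f"{name:28s} {verdict(*pkt)}")
```

Only the two SYN directions named in the rules open a connection; every later segment is carried by the established rule, which matches on the ACK or RST flag alone and keeps no connection state.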


