Subject: Re: IPFilter and passive FTP Servers
To: None <>
From: Jim Breton <>
List: netbsd-users
Date: 11/27/2002 02:07:37
On Tue, Nov 26, 2002 at 09:44:55AM -0500, Sam Carleton wrote:
> I have installed wu-ftp on a machine behine the NetBSD firewall.

Strike one! ;)

> configured wu-ftp to use ports 15000 through 19999 for passive FTP.  Now
> I need to figure out how to configure the firewall.  I believe I have
> the ipf.conf config correct:

An FTP server is not something I'd be happy about putting behind my
firewall, because forwarding to it is such a mess (basically you'd want to
use an ftp proxy on the firewall).

And wu-ftpd is not something I'd be happy about putting _anywhere_.

However, rather than get involved in that, may I instead offer the
following suggestions:

1. choose a better (in terms of security) ftp server, e.g., vsftpd;
2. run the ftp server on the firewall itself instead.

(Assuming you even need FTP at all.. avoid it entirely if it is really not
necessary for whatever you're doing.)