Linked by Thom Holwerda on Wed 20th Sep 2006 21:03 UTC, submitted by Jason Dixon
Pre-orders for OpenBSD 4.0 are now available in the online store. Five architectures on three CDs in a soft-shell DVD case. Check out the highlights of OpenBSD 4.0. This new release adds support for many wireless chipsets, as well as support for the UltraSPARC III, and much, much more.
Thread beginning with comment 164222
RE[2]: Try it
by tomfitzyuk on Thu 21st Sep 2006 12:20 UTC in reply to "RE: Try it"
tomfitzyuk Member since:
2006-01-25

--- On a workstation I don't see why this matters in any way. ---
Even though it's just a workstation, that doesn't mean I'm going to want it much less secure than a server. I would prefer to have one outgoing port open for FTP rather than 20,000.

--- On a firewall you'd use ftp-proxy for this. Well, you could probably use ftp-proxy on a workstation too but why bother? ---
I know ftp-proxy would be used for a firewall, to allow machines behind the firewall to use FTP properly; however, ftp-proxy doesn't allow the actual machine with PF (be that a firewall machine, or a workstation with PF) to access FTP properly.

I tried redirecting packets from 127.0.0.1 port 21 to 127.0.0.1 port 8021 (the port on which ftp-proxy listens) but this never worked.

I know it's not much of a problem, I'd just prefer to only have the necessary ports open.

As to why I'm running PF on a workstation, I'm going to uni in a week and they only allow one computer connected to their network, meaning no firewall machine... and since I need a firewall, it must be on the workstation.

Reply Parent Score: 1

RE[3]: Try it
by koen on Thu 21st Sep 2006 12:48 in reply to "RE[2]: Try it"
koen Member since:
2005-11-15

If your university only allows 1 machine connected, just set up a local LAN and mask it properly from your univ's network? I can't imagine your univ's admin checking each dorm room and counting all the appliances that can be networked.

If you insist on having a single workstation doing everything, and insist on having a 'secure' way of doing FTP, you're indeed bound to use the ftp-proxy locally (I never tried this, but I'm very sure it's perfectly possible to do).

Reply Parent Score: 1

RE[4]: Try it
by tomfitzyuk on Thu 21st Sep 2006 13:04 in reply to "RE[3]: Try it"
tomfitzyuk Member since:
2006-01-25

I have considered using two machines and masking it, but I'd rather not risk it.

I have tried running ftp-proxy locally but this doesn't seem to work (at least the method I tried):
rdr proto tcp from 127.0.0.1 port ftp -> 127.0.0.1 port 8201 (IIRC)

If you have an idea how it could work locally, I'd be grateful if you told me, either through OSNews or replying to my post on misc (though it doesn't seem to have gone through yet).

Reply Parent Score: 1