[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ftp woes

On Wednesday, May 28, 2003, at 09:39 US/Pacific, Bryan Irvine wrote:

editing resolv.conf to not do remote lookups fixed the long login issue.
Is there another way?

I looked around (quickly) for a way to prevent ftpd from doing the lookups
in the first place, but I didn't see anything. Perhaps someone else knows.

my pass out rules are here:
pass out on $WAN inet proto { tcp, udp } all keep state
pass out on $WAN inet proto tcp modulate state

Wouldn't the top one keep the state with the dns server?

Yes. Is there any rule on $DMZ that would block it first? Or fail to create state?

Should I change modulate state to keep state?

modulate is fine there. Note that the top rule only needs to be for udp,
since the second one will always be used for tcp (it matches last).