From owner-freebsd-questions Sun Mar 17 0:22:20 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from smtp015.mail.yahoo.com (smtp015.mail.yahoo.com [216.136.173.59])
    by hub.freebsd.org (Postfix) with SMTP id 90D9637B400
    for ; Sun, 17 Mar 2002 00:22:14 -0800 (PST)
Received: from donniejones18 (AUTH login) at 12-220-244-231.client.insightbb.com (HELO Kaiser) (donniejones18@12.220.244.231)
    by smtp.mail.vip.sc5.yahoo.com with SMTP; 17 Mar 2002 08:22:14 -0000
Date: Sun, 17 Mar 2002 03:22:15 -0500
From: Donnie Jones
To: Marco Radzinschi
Cc: freebsd-questions@freebsd.org
Subject: Re: ftp server and freebsd gateway ( ipnat )
Message-Id: <20020317032215.477f7bdd.donniejones18@yahoo.com>
In-Reply-To: <20020316132946.N61193-100000@mail.radzinschi.com>
References: <20020316013151.12f9b698.donniejones18@yahoo.com> <20020316132946.N61193-100000@mail.radzinschi.com>
X-Mailer: Sylpheed version 0.6.6 (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

That seems great, but I am needing to set up redirections for more than one ftp server behind the BSD gateway.... Your setup is for only one ftp server, right?

If you look at the way I am redirecting on the ports it is to allow for a client to connect to the individual ftp servers behind the BSD gateway.

Thanks for the help. Any other ideas?

-Donnie Jones

On Sat, 16 Mar 2002 13:42:40 -0500 (EST)
Marco Radzinschi wrote:

>
> I have a FreeBSD server behind an OpenBSD gateway/firewall, and it works
> fine. The only caveat is that clients must use ACTIVE FTP mode, not
> passive.
>
> If you read up on how passive FTP works, you will find that the
> client connects to a random high port on the server, which your gateway is
> not forwarding to the FTP servers.
>
> The only problem I can see with your setup is that in active mode, the FTP
> servers open up a connection to port 20 on the client. Their firewall
> may not be letting port 20 in, in which case active mode will not work for them.
>
> If the clients are behind a firewall, they will not be able to connect to
> your FTP servers unless their firewall has an FTP-PROXY to allow active
> FTP connections.
>
> I will paste the rules on my OpenBSD box below, which work perfectly, with
> the exception of clients behind firewalls. My apologies for this being in
> OpenBSD NAT syntax, but it is almost identical to FreeBSD.
>
> nat on xl0 from 192.168.1.0/24 to any -> xl0
> rdr on xl0 proto tcp from any to any port 21 -> 192.168.1.2 port 21
>
> I would check that your FTP servers can make outbound connections on port
> 20, and that your users are not connecting from behind firewalls without
> an FTP-PROXY set up.
>
> Marco Radzinschi
>
> E-Mail: marco@radzinschi.com
> AOL IM: CrackedBoy
>
>
> On Sat, 16 Mar 2002, Donnie Jones wrote:
>
> >
> > Hey all.
> >
> > I am having some problems with people connecting to my ftp servers behind my FBSD gateway.
> >
> > I am using ip nat for my LAN with 3 hosts running ftp servers behind the FBSD gateway.
> >
> > IP Addresses for LAN ftp servers:
> >
> > 192.168.0.5 -- 1st ftp server
> > 192.168.0.6 -- 2nd ftp server
> > 192.168.0.7 -- 3rd ftp server
> >
> > To access these ftp servers I am using ip nat's port redirection:
> >
> > rdr fxp0 12.220.244.231/32 port 13005 -> 192.168.0.5 port 21 # 1st ftp server
> >
> > rdr fxp0 12.220.244.231/32 port 13006 -> 192.168.0.6 port 21 # 2nd ftp server
> >
> > rdr fxp0 12.220.244.231/32 port 13007 -> 192.168.0.7 port 21 # 3rd ftp server
> >
> > By doing this, a person using ftp can connect to my IP Address at that specific port and then it gets redirected to the correct ftp server behind the FBSD gateway on the LAN.
> >
> > Now, this works for some ftp clients, but most of them, especially windows clients, have issues with getting the "list" for their directories, and it just stalls. Eventually, the client will time out and they are disconnected, therefore, preventing any files to be transferred.
> >
> > I am not sure what else can be done to fix this. I've tried having the clients use active and tried passive with no better results.
> >
> > Any ideas on things to try to solve this would be wonderful.
> >
> > I have attempted to set up an ftp proxy, but I was confused in how to use the program jftpgw.
> >
> > If anyone has had success with this program, a sample jftpgw.conf, other than the one that comes with the program, or some URLs for online docs would be great for me to look at.
> >
> > Also, part of the reason I am asking is that this seems to be a big problem for other users also, and there is not very much documentation available for explanations on how to fix these issues.
> >
> > So, I would like to write up a "howto" to facilitate others in this, with the help I receive from this list.
> >
> > I have already written a "FBSD gateway howto" available at http://www.darthik.com, under the FreeBSD tab, if anyone would like to take a look at it and give me some comments.
> >
> >
> > Thanks for your time, sorry about the length.
> >
> > -Donnie Jones
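
Why the directory listing stalls in this setup, as an added example that is not part of the original thread: FTP carries the data-connection address inside the control channel (the PORT command and the 227 reply), so redirecting only port 21 leaves the data endpoint pointing at a private address or at a port the gateway does not forward. The session lines and the client address 10.0.0.8 are constructed, and `forwarded_data_ports` is a hypothetical parameter standing in for any extra data-port rdr rules on the gateway (the thread's rules forward none).

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as carried by the PORT command and the 227 reply (RFC 959).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def data_endpoint(line):
    """Return (mode, ip, port) for a PORT command or a 227 reply, else None."""
    text = line.strip()
    if text.upper().startswith("PORT "):
        mode = "active"      # client tells the server where to connect
    elif text.startswith("227"):
        mode = "passive"     # server tells the client where to connect
    else:
        return None
    m = HOSTPORT.search(text)
    if m is None:
        return None
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        return None
    return mode, ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def diagnose(line, forwarded_data_ports=frozenset()):
    """Classify one control-channel line as seen from the far side of the NAT."""
    ep = data_endpoint(line)
    if ep is None:
        return None
    mode, ip, port = ep
    if ipaddress.ip_address(ip).is_private:
        return "private-address"       # not routable across the gateway
    if mode == "passive" and port not in forwarded_data_ports:
        return "port-not-forwarded"    # no rdr rule covers this data port
    return "ok"

# Constructed control-channel lines; 192.168.0.5 and 12.220.244.231 are the thread's.
SESSION = [
    "220 FTP server ready",
    "227 Entering Passive Mode (192,168,0,5,195,80)",
    "227 Entering Passive Mode (12,220,244,231,195,80)",
    "PORT 10,0,0,8,4,1",
]

if __name__ == "__main__":
    for line in SESSION:
        verdict = diagnose(line)
        if verdict:
            print(f"{verdict:20} {line}")
```
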