From owner-freebsd-questions Tue Nov 13 6:32: 5 2001
Date: Tue, 13 Nov 2001 07:54:42 +0000
From: Josh Paetzel
To: Thor Legvold
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw/natd & ftp
Message-ID: <20011113075441.A9434@twincat.vladsempire.net>

On Tue, Nov 13, 2001 at 09:07:40AM +0000, Thor Legvold wrote:
> I've read through the docs, but haven't been able to solve this seemingly
> simple problem:
>
> FBSD 4.4-STABLE box as gateway to internet (running ipfw/natd), serving 3
> PCs, one running Win98SE, one running WinXP and one running NextStep 3.3
>
> From FBSD box I can ftp from command line and download via browser
> (Konqueror, Mozilla) without problem. From Win98SE/XP/NextStep I can browse
> (http), but cannot ftp. I've tried both from command line and from browser
> (and ftp app "Yftp" on Next). 98SE has IE 5.5, XP has 6.0, NS runs OmniWeb
> 2.2.
>
> I thought it was the problem I read about using "passive" transfers because
> of the firewall (I can log into the ftp server, but cannot dir/ls or get or
> anything else). However, when I open the firewall (add pass all from any to
> any), it still doesn't work. So I wonder if NAT might play a part in the
> problem, and wonder what I should try next.
>
> Regards,
> Thor

I am using a 4.4-STABLE machine running natd/ipfw as the gateway for 3
other FreeBSD machines. None of the machines have any problems accessing
ftp or any other service that I want them to for that matter. Perhaps if
you posted your ruleset it would be a bit easier to tell what's wrong.
Keep in mind that ftp really doesn't work if both the server and the
client are behind firewalls. ;) I'll attach a copy of my ruleset so you
can try it out or at least compare it to what you have.

Josh

Content-Disposition: attachment; filename=fwrules

# start from an empty ruleset
/sbin/ipfw -f flush
# hand everything crossing the outside interface (tun0) to natd
/sbin/ipfw add divert natd all from any to any via tun0
# loopback and inside interface (ed0): allow everything
/sbin/ipfw add allow ip from any to any via lo0
/sbin/ipfw add allow ip from any to any via ed0
# TCP: new connections may leave via tun0; established traffic passes both ways
/sbin/ipfw add allow tcp from any to any out xmit tun0 setup
/sbin/ipfw add allow tcp from any to any via tun0 estab
# new connections to ssh (22) and http (80)
/sbin/ipfw add allow tcp from any to any 22 setup
/sbin/ipfw add allow tcp from any to any 80 setup
# UDP in both directions on tun0
/sbin/ipfw add allow udp from any to any out xmit tun0
/sbin/ipfw add allow udp from any to any in recv tun0
# ident (113); the first rule is as posted, with no interface name after xmit
/sbin/ipfw add allow tcp from any to any 113 out xmit
/sbin/ipfw add allow tcp from any to any 113 via tun0
# allow ICMP, then deny everything else
/sbin/ipfw add 65434 allow icmp from any to any
/sbin/ipfw add 65435 deny ip from any to any
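
Added example, not part of Josh's message or his attachment: a simplified first-match evaluation of the attached ruleset for the TCP packets of an FTP session as they cross tun0. It shows that the control connection and a passive-mode data connection are allowed, while an active-mode data connection opened by the server falls through to the final deny. Assumptions: the natd divert step, the UDP/ICMP rules and the incomplete 113 rule are left out, each packet is checked once on tun0, and the client and passive port numbers (1027, 1028, 49152) are constructed.

```python
# Constructed model of the attached fwrules: TCP-relevant rules only,
# natd rewriting not modelled, one rule pass per packet on tun0.
RULES = [
    "allow ip from any to any via lo0",
    "allow ip from any to any via ed0",
    "allow tcp from any to any out xmit tun0 setup",
    "allow tcp from any to any via tun0 estab",
    "allow tcp from any to any 22 setup",
    "allow tcp from any to any 80 setup",
    "allow tcp from any to any 113 via tun0",
    "deny ip from any to any",
]

def parse(line):
    """Split 'action proto from any to any [options]' into match fields."""
    tok = line.split()
    rule = {"action": tok[0], "proto": tok[1], "port": None,
            "dir": None, "iface": None, "state": None}
    opts = iter(tok[6:])                      # everything after "from any to any"
    for o in opts:
        if o.isdigit():
            rule["port"] = int(o)             # destination port
        elif o in ("in", "out"):
            rule["dir"] = o
        elif o in ("recv", "xmit", "via"):
            rule["iface"] = next(opts)
        elif o in ("setup", "estab"):
            rule["state"] = o
    return rule

def verdict(pkt):
    """Return (action, rule text) of the first rule matching pkt."""
    for line in RULES:
        r = parse(line)
        if r["proto"] not in ("ip", pkt["proto"]): continue
        if r["port"] is not None and r["port"] != pkt["dport"]: continue
        if r["dir"] and r["dir"] != pkt["dir"]: continue
        if r["iface"] and r["iface"] != pkt["iface"]: continue
        if r["state"] == "setup" and pkt["flags"] != "syn": continue   # SYN, no ACK
        if r["state"] == "estab" and pkt["flags"] != "ack": continue   # ACK set
        return r["action"], line

FLOWS = {  # constructed packets of one FTP session, as seen on tun0
    "control SYN to server:21": dict(proto="tcp", dport=21, dir="out", iface="tun0", flags="syn"),
    "control SYN/ACK from server": dict(proto="tcp", dport=1027, dir="in", iface="tun0", flags="ack"),
    "passive data SYN to server": dict(proto="tcp", dport=49152, dir="out", iface="tun0", flags="syn"),
    "active data SYN from server:20": dict(proto="tcp", dport=1028, dir="in", iface="tun0", flags="syn"),
}

def ftp_report():
    return {name: verdict(pkt) for name, pkt in FLOWS.items()}
```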