From owner-freebsd-questions Mon Jan 17 8:33:52 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.rdc1.tn.home.com (ha1.rdc1.tn.home.com [24.2.7.66]) by hub.freebsd.org (Postfix) with ESMTP id 0736C14CC7 for ; Mon, 17 Jan 2000 08:33:37 -0800 (PST) (envelope-from williamsl@Home.Com)
Received: from RELIABLE ([24.4.115.31]) by mail.rdc1.tn.home.com (InterMail v4.01.01.00 201-229-111) with ESMTP id <20000117163332.JRWS9818.mail.rdc1.tn.home.com@RELIABLE>; Mon, 17 Jan 2000 08:33:32 -0800
Date: Mon, 17 Jan 2000 11:33:35 -0500
From: Ben WIlliams
X-Mailer: The Bat! (v1.34a) UNREG / CD5BF9353B3B7091
Reply-To: Ben WIlliams
X-Priority: 3 (Normal)
Message-ID: <5481.000117@Home.Com>
To: FreeBSD-Questions
Cc: "Christian Taylor"
Subject: Re[2]: Private network + IP-Filter + IP-NAT + internal ftpd
In-reply-To:
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Christian,

Monday, January 17, 2000

Thanks for the quick info on ICQ! I'll be looking into that when I get time. (hehe..yeah..then!) Unfortunately that's a side issue right now with the NAT'ed ftpd being my primary concern.

Any other takers?

Monday, January 17, 2000, 8:14:36 AM, you wrote:

CT> For ICQ, simply install the socks5 port, and tell ICQ you're using a socks5
CT> firewall, pointing it to the address of your NAT box. I do this, and it
CT> works perfectly for me.
CT> -Christian

>> -----Original Message-----
>> From: owner-freebsd-questions@FreeBSD.ORG
>> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Ben WIlliams
>> Sent: Monday, January 17, 2000 7:11 AM
>> To: FreeBSD questions
>> Subject: Private network + IP-Filter + IP-NAT + internal ftpd
>>
>> Monday, January 17, 2000
>>
>> As the subject suggests I am connected to the internet from a private
>> network (192.168.0.0 address space) through a FreeBSD 3.2-RELEASE box with
>> two NICs (one for the inside, one for the out) which is running ipf
>> ( IP-Filter http://coombs.anu.edu.au/~avalon/ip-filter.html ) and ipnat to
>> get me out. What I want to do now is set up an ftp server on one of my
>> internal boxes to be reachable by someone else on the net behind an unknown
>> firewall.
>>
>> I am on the @Home network and as such I cannot run daemons on their
>> standard < 1023 ports due to some questionable network policies decreed by
>> @Home so I have to redirect some_high_port on the external interface to my
>> ftp port in the internal machine to get connections to the server.
>>
>> This works well for someone NOT behind a firewall using active ftp
>> sessions. Passive ftp sessions break possibly due to the fact that ipnat
>> doesn't know it's dealing with an ftp connection and libalias can't take the
>> appropriate steps to ensure the FTP connection goes through.
>>
>> This does not work at all for someone behind a firewall because the PORT
>> command chokes with a "530 Only client IP..", PASV breaks because you can't
>> route 192.168.0.0 on the net and if I tell the server to issue the outside
>> address for PASV it fails as well because my NAT box doesn't know it's
>> speaking FTP.
>>
>> I need to know how to either hack libalias to acknowledge FTP connections
>> on a non-standard port, how to set up ipf/ipnat rules to enable either active
>> or passive FTP connections on a non-standard port or any other way I could
>> get this setup working without putting the outside port number down where it
>> belongs.
>>
>> I have already perused the list archives and I haven't found much helpful
>> info for getting back in on redirected (non-standard) ports for FTP.
>>
>> TIA,
>> --
>> Ben mailto:williamsl@Home.Com
>>
>> PS -- If anyone has any pointers on getting ICQ to do direct connections
>> (chat, file x-fer, etc) in the same configuration
>> ( myhost <-> NAT <-> 'net <-> firewall <-> otherhost )
>> I would appreciate any info you can give me!
>>
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe freebsd-questions" in the body of the message

--
Ben mailto:williamsl@Home.Com
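
Added example (not part of the original message or of IP-Filter/libalias): the failure described above comes from FTP carrying the data endpoint inside the control channel, in PORT and in the 227 reply to PASV, where a NAT that does not parse FTP leaves it untouched. The Python below parses those lines, flags an RFC 1918 or mismatched endpoint, and shows the substitution an FTP-aware NAT performs. The function names, 192.168.0.10, 203.0.113.5 and port 2121 are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges, listed explicitly (ipaddress.is_private also covers other ranges).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# h1,h2,h3,h4,p1,p2 as carried by PORT and by the 227 reply to PASV (RFC 959).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(line):
    """Return (IPv4Address, port) named in a PORT command or 227 reply, else None."""
    text = line.strip()
    if not (text.upper().startswith("PORT ") or text.startswith("227")):
        return None
    m = HOSTPORT.search(text)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        return None
    return ipaddress.IPv4Address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]

def diagnose(line, sender_ip):
    """Classify the data endpoint; sender_ip is the source address the receiver
    sees on the control connection (after any NAT)."""
    parsed = parse_hostport(line)
    if parsed is None:
        return "no-endpoint"
    ip, _port = parsed
    if any(ip in net for net in RFC1918):
        return "unroutable"   # private address crossed the NAT unmodified
    if ip != ipaddress.IPv4Address(sender_ip):
        return "mismatch"     # endpoint names a host other than the control peer
    return "ok"

def rewrite(line, public_ip, public_port):
    """Substitute the external address/port, as an FTP-aware NAT would.
    The line length can change, so a real NAT must also adjust TCP sequence numbers."""
    octets = str(ipaddress.IPv4Address(public_ip)).split(".")
    new = ",".join(octets + [str(public_port // 256), str(public_port % 256)])
    return HOSTPORT.sub(new, line, count=1)

if __name__ == "__main__":
    # Constructed control-channel lines; 203.0.113.5 stands in for the NAT box's outside address.
    for sample in ("227 Entering Passive Mode (192,168,0,10,195,80)", "PORT 10,1,2,3,4,1"):
        print(sample, "->", diagnose(sample, "203.0.113.5"))
    print(rewrite("227 Entering Passive Mode (192,168,0,10,195,80)", "203.0.113.5", 2121))
```

Rewriting only the address is not enough: the external port named in the rewritten line must also be forwarded to the internal server's data port for the connection to complete.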