From: "Morten Seeberg"
Delivered-To: freebsd-questions@freebsd.org
Subject: natd and redirect_port
Date: Mon, 6 Dec 1999 18:58:08 +0100
Message-ID: <035f01bf4013$7530ec40$1600a8c0@SOS>

Hi,

I have a BSD with a "real" IP. I want it to forward port 666 from the external IP to an internal FTP server running on port 666 (running Windows Serv-U - I have no influence on this machine :) )

The BSD is not running IPFIREWALL, just natd.

When configured as below, the only thing I can do is connect to the FTP from machines with real IP addresses and not using passive FTP. This probably works because the internal FTP can open data ports with no restrictions to the machine on the Internet. But whenever a client behind a firewall some place tries, it won't work, because then the internal FTP isn't allowed to communicate on other ports to the client.

This is where passive FTP comes into the picture. As far as I understand, this means that every port that needs to be opened to the FTP will be opened from the client.

So, I ran a TCPDUMP on the BSD on the external interface, and tried to connect to the internal FTP using passive FTP; login and password, no problems. Then I tried to do a LS, and thought this is where I'd probably see some new ports opening, but I didn't??? So how is this done???

The 3.3-RELEASE is configured with this:

    firewall_enable="YES"
    firewall_script="/etc/rc.firewall"
    firewall_type="open"
    natd_enable="YES"
    natd_flags="-f /etc/rc.natd"
    natd_interface="ed1"

and rc.natd:

    use_sockets
    same_ports
    redirect_port tcp 192.168.2.101:666 666

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/\/\orten $eeberg, Systems Consultant @ Merkantildata - Enterprise Solutions
#echo 'System Administrators suck :)' > /dev/console
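
Added example, not part of the original message: a Python check of where a passive-mode data connection is directed, compared against the redirect_port rules posted above. It assumes the server answers PASV with the standard RFC 959 "227" reply and advertises its own internal address; the sample reply and its port number are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# natd.conf line in the form posted: redirect_port tcp <targetIP>:<targetPort> <aliasPort>
RULE_RE = re.compile(r"^redirect_port\s+tcp\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+(\d+)$")
# RFC 959 passive reply: 227 <text> (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_rules(conf_text):
    """Return {(target_ip, target_port): alias_port} for each redirect_port tcp line."""
    rules = {}
    for line in conf_text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules[(m.group(1), int(m.group(2)))] = int(m.group(3))
    return rules

def parse_pasv(reply):
    """Decode the data-channel endpoint the server announces in a 227 reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    fields = [int(g) for g in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in 227 reply")
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]  # port is sent as high byte, low byte
    return ip, port

def check_data_channel(conf_text, reply):
    """Report whether an outside client could reach the announced data endpoint."""
    ip, port = parse_pasv(reply)
    return {
        "data_endpoint": (ip, port),
        "address_is_private": ipaddress.ip_address(ip).is_private,
        "port_redirected": (ip, port) in parse_rules(conf_text),
    }

# rc.natd as posted in the message
NATD_CONF = """use_sockets
same_ports
redirect_port tcp 192.168.2.101:666 666"""

# Constructed sample reply; the port (4*256 + 210 = 1234) is illustrative only
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,2,101,4,210)"

if __name__ == "__main__":
    print(check_data_channel(NATD_CONF, SAMPLE_REPLY))
```

Under that assumption, the announced endpoint is a private address on a port with no redirect rule, so the client's data connection is never aimed at the external interface, which would be consistent with a tcpdump there showing no new ports.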