From: Kevin Kinsey
Date: Sat, 19 Feb 2005 20:58:03 -0600
To: crzdgns1@starpower.net
cc: freebsd-newbies@freebsd.org
Subject: Re: FTP Client and IPFilter
Message-ID: <4217FCBB.4050001@daleco.biz>

crzdgns1@starpower.net wrote:

>Hello,
>
>This is a slightly longer post and I am not sure if it belongs
>here or in freebsd-questions. If it belongs in
>freebsd-questions, please let me know and I will post it
>there. Now then...
>
>

The list charter is at:
http://lists.freebsd.org/mailman/listinfo/freebsd-newbies

>I think I am beginning to accept the fact that I can't read,
>so I'll just state that condition from the beginning. I have
>installed FreeBSD-5.3-RELEASE and use IPFilter as my firewall.
>
>I have only one machine, with a cable modem connection to the
>internet. I have been following the directions in the
>Handbook, or so I thought, until yesterday. Yesterday I
>posted a message here titled something like "Which FTP do I
>have?" and received many helpful replies. Thank you! My FTP
>client still doesn't work and the reason it doesn't work is, I
>believe, I didn't follow the directions, which I discovered
>upon further reading of the handbook last night.
>
>My questions for today are mostly for clarification of what is
>written in the handbook, starting at section 24.5.18, Enabling
>IPNAT. I do not currently have IPNAT enabled. Given that I
>am a homeuser with only one machine, must I have IPNAT enabled
>for FTP to work properly? The ipf.rules in the handbook seem
>to indicate so, but I would appreciate confirmation.
>
>

I wouldn't think so. No network, no _N_etwork _A_ddress _T_ranslation
should be necessary. Keep in mind (although it's maybe a big assumption
on my part), that in that particular example the machine is serving as
a gateway...

> Secondly, the first rule in section 24.5.18 enables the
> computer as a gateway. I was under the impression that it is
> wisest not to use this rule unless you genuinely intend to use
> the machine in question as a gateway. Am I correct? If so,
> can I leave the first rule out and just include the second and
> third rules and still expect the IPNAT FTP proxy to function?
>
> Thirdly, I am trying to follow the directions, believe it or
> not. Assume for the moment that I use all three rules listed
> in 24.5.18 of the handbook. Since I have only one computer,
> can I then skip directly to section 24.5.21.1, IPNAT Rules,
> add the three rules there, and then have a reasonable
> expectation that FTP will work properly from behind my
> firewall? Again, I am using the ipf.rules listed in the handbook.
>
> Thanks,
>
> Mark

I had a rather lengthy interspersed reply, then I realized that
because I had a bad encounter with someone today, I was writing
as if I would take it out on you. That would be wrong, although
it's occasionally seen on the lists.

I'd suggest you send a detailed mail to questions@ at with your
ruleset and a description of what's happening (e.g., I did this,
*this*, and then **this**, and _this_, __this__, and then
___this___ happened, but my result differed from what I expected
in {{this way}} .... )

Does FTP work properly without your firewall? Have you attempted
to turn passive mode off during the FTP session? That's a rather
common reason that FTP clients have trouble with firewalls, and
AFAIK it's mentioned in that same chapter....

Kevin Kinsey
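
The passive-mode question above comes down to which side opens the FTP data connection. The sketch below is an added example, not part of either poster's message and not taken from the Handbook: it parses the two control-channel lines that announce the data endpoint and checks the resulting connection against an assumed policy (outbound allowed with state, unsolicited inbound blocked). The function names, the `pinholes` argument (standing in for what an FTP-aware proxy would open) and the addresses are hypothetical.

```python
import re

# "h1,h2,h3,h4,p1,p2" as carried by PORT and by the 227 reply (RFC 959).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def data_endpoint(line):
    """Return (mode, ip, port) for a PORT command or a 227 reply, else None."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode = "active"
    elif line.startswith("227"):
        mode = "passive"
    else:
        return None
    m = HOSTPORT.search(line)
    if m is None:
        return None
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        return None
    return mode, ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_syn(line, server_ip):
    """Direction and destination of the data connection's opening SYN."""
    ep = data_endpoint(line)
    if ep is None:
        return None
    mode, ip, port = ep
    if mode == "active":
        # Server dials back from its port 20 to the address the client sent.
        return {"dir": "in", "src": (server_ip, 20), "dst": (ip, port)}
    # Passive: the client dials out to the address the server announced.
    return {"dir": "out", "src": None, "dst": (ip, port)}

def passes(syn, pinholes=()):
    """Assumed policy: outbound is kept in state; new inbound needs a pinhole."""
    return syn["dir"] == "out" or syn["dst"] in pinholes

# Constructed control-channel lines (documentation addresses, not from the thread).
SERVER = "198.51.100.5"
ACTIVE = "PORT 192,0,2,10,195,80"
PASSIVE = "227 Entering Passive Mode (198,51,100,5,156,64)"

if __name__ == "__main__":
    for line in (ACTIVE, PASSIVE):
        syn = data_syn(line, SERVER)
        print(line, "->", syn["dir"], syn["dst"], "passes:", passes(syn))
```
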