Date: Tue, 11 Apr 2000 23:37:52 -0400
From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To: Scott Graves <sgraves66@home.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: NATD and IPFW
Message-ID: <20000411233752.B31270@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <38F3BFB3.71F840FA@home.com>; from sgraves66@home.com on Tue, Apr 11, 2000 at 07:13:39PM -0500
References: <38F3BFB3.71F840FA@home.com>

On Tue, Apr 11, 2000 at 07:13:39PM -0500, Scott Graves wrote:
> I recently switched from a Linux gateway to FBSD 4.0. With Linux I had
> IP masquerading enabled (similar to NAT) and basically opened only the
> IP ports which were used by my employees.
>
> With FBSD, by default, no incoming connections are allowed. I have
> successfully enabled WWW, DNS, SMTP, POP3 and RealAudio through the FBSD
> gateway machine running NATD. However, after opening ports 20 and 21
> for FTP access, I receive this error when trying to list ftp dir
> contents:
>
> Apr 11 18:30:45 gateway natd[114]: failed to write packet back
> (Permission denied)
>
> I am able to connect to FTP sites, but not dn/up or list files without
> receiving this error. This is what I have in rc.firewall which should
> allow for FTP access:
>
> # Allow FTP connections
> ${fwcmd} add pass tcp from any to any 21 setup
> ${fwcmd} add pass tcp from any to any 20 setup
>
> If I add:
>
> ${fwcmd} add pass tcp from any to any setup
>
> Everything works properly (of course). But I do not want to allow all
> TCP connections to the internet.
> What am I missing?

Are you doing active FTP? In that case, the server is trying to
connect to you from port 20. However, you should see the denied
packets and not a 'failed to write packet back...' Unless there is
some ordering to your rules that might cause that.
-- 
Crist J. Clark                           cjclark@home.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000411233752.B31270>
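
Added example, not part of the original message or of ipfw itself: a simplified Python model of first-match evaluation for TCP "setup" (SYN) packets, run over the two rules quoted above. It shows why the FTP control connection passes while an active-mode data connection, which the server opens from source port 20 to a high port on the client, does not. The packet port numbers, the default-deny fallback and the extra source-port rule are assumptions made for the illustration.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str
    src_port: Optional[int]  # None means "any"
    dst_port: Optional[int]  # None means "any"

class Syn(NamedTuple):
    label: str
    src_port: int
    dst_port: int

# The two rules quoted in the message:
#   add pass tcp from any to any 21 setup
#   add pass tcp from any to any 20 setup
PAGE_RULES = [Rule("pass", None, 21), Rule("pass", None, 20)]

# Constructed sample packets (ephemeral port numbers are made up).
CONTROL = Syn("client -> server, control channel", 49152, 21)
ACTIVE_DATA = Syn("server -> client, active-mode data", 20, 49153)

def verdict(rules, pkt, default="deny"):
    """Return the action of the first matching rule, else the default.

    Assumption: unmatched packets are denied, matching the message's
    statement that nothing is allowed in by default.
    """
    for rule in rules:
        src_ok = rule.src_port in (None, pkt.src_port)
        dst_ok = rule.dst_port in (None, pkt.dst_port)
        if src_ok and dst_ok:
            return rule.action
    return default

def evaluate(rules):
    """Map each sample packet's label to its verdict under the given rules."""
    return {p.label: verdict(rules, p) for p in (CONTROL, ACTIVE_DATA)}

# Hypothetical extra rule matching on SOURCE port 20:
#   add pass tcp from any 20 to any setup
WITH_SRC20 = PAGE_RULES + [Rule("pass", 20, None)]

if __name__ == "__main__":
    for name, rules in (("rules as posted", PAGE_RULES),
                        ("plus source-port-20 rule", WITH_SRC20)):
        print(name)
        for label, result in evaluate(rules).items():
            print(f"  {result:5} {label}")
```

A rule keyed on source port 20 is wider than FTP data alone, because the source port is chosen by the remote end; restricting it by interface, direction or destination network narrows what it admits.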