From: Lowell Gilbert
To: freebsd-questions@FreeBSD.ORG
Subject: Re: Input on solution to temporary routing
Date: 25 Feb 2003 16:50:03 -0500
In-Reply-To: <20030223235029.GB9202@deter.dk>
Message-ID: <4465r8hvxw.fsf@be-well.ilk.org>

Morten Grunnet Buhl writes:

>
> opensesamy 192.168.0.2 ftp
>
> which would then temporarily route outside ftp connections to 192.168.0.2.

You could do something like this, but it wouldn't work for more than
one inside box at a time. As far as the rest of the world is
concerned, there is only one machine in your network (assuming you
only have one global IP address).

FTP is particularly hard, because it uses multiple TCP connections,
and passes the port number for the data connection *inside* the
control connection, so it doesn't mix well with packet-filtering
firewalls anyway. Unless you really know what you're doing, I'd
advise staying away from FTP with this sort of thing.

For protocols that stick to a single port, it's easier. For protocols
that can use any port, it's easier yet -- but whoever's connecting
from the outside needs to know what it is.

For example, you could use natd to redirect external port 8001 to the
web server of inside host number 1, 8002 to the web server of inside
host number 2, and so on.
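
Added example, not part of the original message: a Python sketch of why FTP is awkward behind NAT. The data-connection address and port travel as text inside the control connection (PORT command or 227 reply, RFC 959), so an FTP-aware NAT has to parse and rewrite them. The function names, the sample lines and the public address 203.0.113.7 are constructed for illustration, and the sketch assumes the NAT keeps the port number unchanged.

```python
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959).
_HOSTPORT = re.compile(
    r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")


def data_endpoint(control_line):
    """Return (ip, port) announced by a PORT command or 227 reply, else None."""
    line = control_line.strip()
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = _HOSTPORT.search(line[4:])
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # not a valid byte, so not a valid host-port
    # The port is split into a high and a low byte.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def rewrite_for_nat(control_line, inside_ip, public_ip):
    """Swap an announced inside address for the public one; a filter that
    only inspects packet headers never sees this field at all."""
    ep = data_endpoint(control_line)
    if ep is None or ep[0] != inside_ip:
        return control_line  # nothing to translate on this line
    port = ep[1]
    hostport = "%s,%d,%d" % (public_ip.replace(".", ","), port >> 8, port & 0xFF)
    return _HOSTPORT.sub(hostport, control_line, count=1)


# Constructed control-channel lines; 192.168.0.2 is the inside host
# from the quoted question.
SAMPLE = [
    "USER anonymous",
    "PORT 192,168,0,2,19,137",
    "227 Entering Passive Mode (192,168,0,2,195,80)",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(data_endpoint(line), "|",
              rewrite_for_nat(line, "192.168.0.2", "203.0.113.7"))
```

Rewriting changes the length of the control-connection payload, so a real translator also has to adjust TCP sequence numbers, which this sketch does not model.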