From: "Andras Kende"
To: "'eric wyzerski'"
Date: Mon, 31 Jan 2005 15:52:08 -0600
Subject: RE: Ftp behind firewall/nat
Message-Id: <20050131215159.18FA043D3F@mx1.FreeBSD.org>

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of eric wyzerski
Sent: Monday, January 31, 2005 2:11 PM
To: freebsd-questions@freebsd.org
Subject: Ftp behind firewall/nat

Hi,

For a whole day I tried to make an ftp that is behind the firewall work, but I'm not able to.

My ipf rules are:

    pass in quick from any to any
    pass out quick from any to any

So it is not an ipf problem.

My ipnat rules are:

    map rl0 10.0.0.0/8 -> 0/32
    rdr rl0 X.X.X.X/32 port 21 -> 10.1.1.6 port 21 tcp

where X.X.X.X is my external IP, rl0 my external interface and 10.1.1.6 the ftp server.

I am able to log in, and when I do the dir command it freezes. I have done a tcpdump and I see the SYN packet go out, but it never gets an answer.

I really need help/advice.

Thank you, and please CC me the answer because I'm not on the list.

Eric

Hello,

This setup only works with active ftp connections. It's freezing at the dir command because it's trying to do a passive connection.

You would need to set up the ftp server to serve passive connections and ipnat to redirect in a range of ports, something like:

    PassivePortRange 5000 5010    - ftpd config

    rdr rl0 X.X.X.X/32 port 5000 -> 10.1.1.6 port 5000 tcp
    rdr rl0 X.X.X.X/32 port 5001 -> 10.1.1.6 port 5001 tcp
    rdr rl0 X.X.X.X/32 port 500x -> 10.1.1.6 port 500x tcp

Or use only active ftp connections.

Andras Kende
http://www.kende.com
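
Added example (not part of the original thread and not code from either poster): a Python sketch that expands the 5000-5010 range from the reply into one ipnat rdr line per port, and checks an FTP "227 Entering Passive Mode" reply against that range and against the 10.0.0.0/8 inside network from the map rule. The function names are hypothetical and the 227 replies are constructed.

```python
import ipaddress
import re

# Added example: function names are hypothetical, sample replies are constructed.
# RFC 959 reply format: 227 ... (h1,h2,h3,h4,p1,p2); data port = p1*256 + p2.
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (ip, port) advertised by the server in a 227 reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def rdr_rules(iface, ext_ip, server, first, last):
    """One rdr line per passive port, in the form used in the thread."""
    if not 1024 <= first <= last <= 65535:
        raise ValueError("bad passive port range %r-%r" % (first, last))
    return ["rdr %s %s/32 port %d -> %s port %d tcp"
            % (iface, ext_ip, p, server, p) for p in range(first, last + 1)]

def diagnose(reply, first, last, inside_net="10.0.0.0/8"):
    """Reasons the data connection for this reply would hang at the NAT box."""
    ip, port = parse_pasv(reply)
    problems = []
    if not first <= port <= last:
        problems.append("data port %d is outside redirected range %d-%d"
                        % (port, first, last))
    if ipaddress.ip_address(ip) in ipaddress.ip_network(inside_net):
        problems.append("server advertises inside address %s" % ip)
    return problems

if __name__ == "__main__":
    # Keep the range small: every redirected port is reachable from outside.
    for rule in rdr_rules("rl0", "X.X.X.X", "10.1.1.6", 5000, 5010):
        print(rule)
    # Constructed reply: inside address, port 195*256+80 = 50000.
    for line in diagnose("227 Entering Passive Mode (10,1,1,6,195,80)", 5000, 5010):
        print("problem:", line)
```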