Date: Thu, 27 Dec 2001 01:32:35 -0800
From: "Crist J . Clark"
To: alexus
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: jail & ftp
Message-ID: <20011227013235.G2090@blossom.cjclark.org>

On Wed, Dec 26, 2001 at 11:11:06PM -0500, alexus wrote:
> Hello
>
> I'm not quite sure if I'm posting to the right list but I'll try anyway, all
> right here it goes..
>
> I have set up a jail and inside of this jail I run ftp (proftpd); using ipf I
> was able to forward all traffic for port 21 and 20 to my jail cell, however
> it only works if a person uses PORT mode instead of PASV mode; many people
> prefer/use PASV mode.
>
> here is the question:
>
> does anyone know, or is it even possible, to make it work in PASV mode
> instead of PORT?

Sure. Why are you using ipf(8) (well, I guess ipnat(8) actually) to
forward connections to the jail? Why don't you give the jail the IP
address that people are trying to connect to? This makes the NAT games
unnecessary.
-- 
"It's always funny until someone gets hurt. Then it's hilarious."

Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org