From owner-freebsd-questions  Thu Dec 27 14: 8:33 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108])
	by hub.freebsd.org (Postfix) with ESMTP id 7F02637B416
	for <freebsd-questions@FreeBSD.ORG>; Thu, 27 Dec 2001 14:08:25 -0800 (PST)
Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108])
	by cactus.fi.uba.ar (8.11.6/8.11.6) with ESMTP id fBRM61K80836;
	Thu, 27 Dec 2001 19:06:02 -0300 (ART)
	(envelope-from fgleiser@cactus.fi.uba.ar)
Date: Thu, 27 Dec 2001 19:06:01 -0300 (ART)
From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
To: Darryl Hoar <darryl@osborne-ind.com>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: Re: ftp & FreeBSD firewall
In-Reply-To: <000001c18f1f$8fa66750$0701a8c0@darryl>
Message-ID: <20011227190259.S79964-100000@cactus.fi.uba.ar>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Thu, 27 Dec 2001, Darryl Hoar wrote:

> Greetings,
> I built a Freebsd firewall according to the instructions at
> http://www.schlacter.net:8500/public/FreeBSD-STABLE_and_IPFILTER.html
>
> The firewall/router is working fine.
>
> My network consists mostly of Windows PC's.  Since I've put the firewall
> in place, they have been unable to use ftp to retrieve files from the web.
> I have tried cuteftp, ws_ftp and microsofts ftp clients on these windows
> machines.  I have set them up to use passive , but the firewall settings
> in these clients don't make sense.
>
> What do I need to do to safely let my Windows users use ftp to retrieve/put
> files on the internet ?

If you are using ipf, you can use ipnat's built in ftp proxy. Just add a
line

map xl0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp

to the top of your ipnat.rules file (change xl0 to match your external
interface).

and then reload the nat rules:

# ipnat -FC -f /etc/ipnat.rules




				Fer


>
> I can't update all the pc's to FreeBSD, at least not yet.
>
> thanks for ideas,
>
> Darryl
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message