From: "Peter Rosa"
To: "FreeBSD Questions"
Date: Thu, 8 Sep 2005 13:55:16 +0200
Message-ID: <00f101c5b46c$2da6f030$3501a8c0@pro.sk>
Subject: IPFW2+NATD stateful rules VS. FTP
List-Id: User questions

Hello everybody,

please can anybody help me with ipfw rules?

My machine is acting as firewall/router/www-proxy/ftp-proxy for a small LAN. It does not work as an ftp-server. I set my ipfw2 rules exactly as in section "25.6.5.7 An Example NAT and Stateful Ruleset" Ex.2 from the handbook. Everything works well except miserable ftp. I just installed ports/jftpgw to be a transparent proxy for the internal LAN but still without success.

I understand all the rules in that example, but I do not know where I should place the fwd rule(s). Ftp depends on two ports, 20 and 21.
So I assume there should be two fwd rules somewhere in the ruleset. Please, where should I place those rules? Or is it better to use /etc/natd.conf to redirect all incoming connections on ports 20 and 21 to localhost?

Any help is *very* appreciated :-)

Peter Rosa

P.S. Please consider adding such rules to the mentioned example in the handbook. I think a lot of users will welcome such an addition. I spent four days on Goooogle before writing here and I did not find anything helpful.