Date: Wed, 07 May 2003 10:04:12 -0700
From: Ryan <soulburner@air-internet.com>
To: freebsd-questions@FreeBSD.ORG
Subject: natd -punch_fw opening incorrect ports
Message-ID: <3EB93C8C.5000902@air-internet.com>
First off, some info about my setup:

FreeBSD version: 4.8-RELEASE

natd.conf:
    interface an0
    use_sockets yes
    same_ports yes
    punch_fw 60:20

ipfw2 rules (simplified for the sake of this message):
    add 50 divert natd ip from any to any via an0
    add 100 check-state
    add 150 deny tcp from any to any established
    add 200 allow udp from me to any 53 keep-state
    add 250 allow tcp from me to any 21 setup keep-state
    add 300 deny ip from any to any

Now for the problem that I'm seeing. Sitting at the firewall box (not an internal host, has a public IP), I'm unable to establish any active FTP connections. With debugging output turned on for FTP, I see this:

    ftp> dir
    ---> PORT 12,28,133,X,192,32
    200 PORT command successful.
    ---> LIST
    550 Cannot connect to 12.28.133.X:50535 - Operation timed out.
    ftp> close
    ---> QUIT
    ftp> quit

I then check my ipfw rules to see which port natd opened, and I see:

    60 allow tcp from 12.28.133.X 49184 to 62.243.72.50 dst-port 20
    60 allow tcp from 62.243.72.50 20 to 12.28.133.X dst-port 49184

Maybe I'm not understanding how punch_fw works, but I see natd opening port A, but FTP trying to use port B. I've looked for everything I could find regarding natd/punch_fw, but nothing relating to the problem that I described.

Also, no ports are opened when trying passive FTP connections, with the same natd.conf/ipfw rules. I found a message relating to FreeBSD 4.4 not opening ports for passive FTP, but also saw a patch which supposedly fixed the problem. I checked my 4.8 sources, and found the patched code.

Any help would be greatly appreciated.

Thanks.
Ryan
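An added example (my own, not part of Ryan's message) that decodes the FTP PORT argument from the transcript above and checks whether the ipfw rules natd punched actually cover the port the server tried to reach; the masked last octet X is replaced with the placeholder 1, and the transcript lines are constructed from the post.

```python
import re

# Constructed from the post: the client's PORT command, the server's 550 reply
# and the two rules natd punched. "X" in the post is replaced with placeholder 1.
PORT_CMD = "PORT 12,28,133,1,192,32"
SERVER_REPLY = "550 Cannot connect to 12.28.133.1:50535 - Operation timed out."
IPFW_RULES = [
    "60 allow tcp from 12.28.133.1 49184 to 62.243.72.50 dst-port 20",
    "60 allow tcp from 62.243.72.50 20 to 12.28.133.1 dst-port 49184",
]


def parse_port_command(line):
    """Decode an FTP PORT argument h1,h2,h3,h4,p1,p2 into (ip, p1*256 + p2)."""
    m = re.fullmatch(r"PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", line.strip())
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        raise ValueError("byte out of range in %r" % line)
    return ".".join(str(o) for o in octets[:4]), octets[4] * 256 + octets[5]


def parse_connect_error(reply):
    """Pull the ip:port the server says it tried from a 550 'Cannot connect to' reply."""
    m = re.search(r"Cannot connect to (\d+\.\d+\.\d+\.\d+):(\d+)", reply)
    return (m.group(1), int(m.group(2))) if m else None


def punched_inbound_rules(rules, ip, port):
    """Return the ipfw 'allow tcp' rules whose destination is ip with dst-port port."""
    pat = re.compile(r"^\d+ allow tcp from \S+ \S+ to (\S+) dst-port (\d+)$")
    return [r for r in rules
            if (m := pat.match(r)) and m.group(1) == ip and int(m.group(2)) == port]


def check_active_ftp(port_cmd, reply, rules):
    """Compare the announced port, the port the server used, and the punched hole."""
    ip, announced = parse_port_command(port_cmd)
    attempted = parse_connect_error(reply)
    attempted_port = attempted[1] if attempted else None
    return {
        "announced": announced,
        "attempted": attempted_port,
        "hole_for_announced": bool(punched_inbound_rules(rules, ip, announced)),
        "hole_for_attempted": bool(punched_inbound_rules(rules, ip, attempted_port)),
    }


if __name__ == "__main__":
    print(check_active_ftp(PORT_CMD, SERVER_REPLY, IPFW_RULES))
```

Run against the post's transcript it shows that 192,32 decodes to 49184, which is exactly the hole natd punched, while the server's attempt went to 50535, for which no rule exists.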