From owner-freebsd-ipfw@FreeBSD.ORG Sat Sep 10 14:44:31 2005
From: "Peter Rosa"
To: "FreeBSD IPFW"
Date: Sat, 10 Sep 2005 16:43:51 +0200
Message-ID: <001501c5b616$0fb62c20$3501a8c0@pro.sk>
Subject: IPFW2+NAT stateful rules VS. FTP

Hello everybody,

please can anybody help me with ipfw rules?

My machine is acting as firewall/router/www-proxy/ftp-proxy for a small LAN. It does not work as an ftp server. It does NAT for the internal LAN. I set my ipfw2 rules exactly as in section "25.6.5.7 An Example NAT and Stateful Ruleset" Ex.2 from the handbook. Everything works well except miserable ftp. I just installed ports/jftpgw to be a transparent proxy for the internal LAN, but still without success.

I understand all rules in that example, but I do not know where I should place the fwd rule(s). Ftp depends on two ports, 20 and 21. So I assume there should be two fwd rules somewhere in the ruleset. Please, where should I place those rules? Or is it better to use /etc/natd.conf to redirect all incoming connections on ports 20 and 21 to localhost?

Any help is *very* appreciated :-)

Peter Rosa

P.S. Please consider adding such rules to the mentioned example in the handbook. I think a lot of users will welcome such an addition. I spent four days on Goooogle before writing here and I did not find anything helpful.