From owner-freebsd-questions  Wed Jun  5 19:26:27 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mail019.syd.optusnet.com.au (mail019.syd.optusnet.com.au [210.49.20.160])
	by hub.freebsd.org (Postfix) with ESMTP id C70A937B406
	for <questions@freebsd.org>; Wed,  5 Jun 2002 19:26:22 -0700 (PDT)
Received: from webmail03.syd.optusnet.com.au (webmail03.syd.optusnet.com.au [203.2.75.236])
	by mail019.syd.optusnet.com.au (8.11.1/8.11.1) with ESMTP id g562Q7N13430;
	Thu, 6 Jun 2002 12:26:18 +1000
Message-Id: <200206060226.g562Q7N13430@mail019.syd.optusnet.com.au>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
Mime-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
Received: from  [203.13.126.19] as user satare@optusnet.com.au by
    webmail.optusnet.com.au with HTTP;
From: Michael Ross <satare@optusnet.com.au>
To: Mark-Nathaniel Weisman <mark@outlander.us>
Cc: questions@freebsd.org
Date: Thu, 06 Jun 2002 12:26:07 +1000
Subject: Re: More Natd?
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

> Mark-Nathaniel Weisman <mark@outlander.us> wrote:
>     #redirect_port tcp 10.0.0.1:http 80
>     #redirect_port tcp 10.0.0.1:https 443
>     #redirect_port tcp 10.0.0.1:ftp-data 20
>     #redirect_port tcp 10.0.0.1:ftp 21
> 
> Obviously without the hashmarks, and without quote marks however, my
> port 21 redirect does not work. Any ideas?

afaik, your port 21 redirect will not work because you are
trying to do nat on ftp. The problem if I remember right is
that when people transfer files in "active-ftp" mode, the ftp
daemon opens another port number to talk back to the person 
via.

The new port should be able to connect out to the user by
will not allow the user to connect back in (because it isn't
being nat'd)

how to solve it is to run passive ftp.. or you might be able
to look at dynamic rules under ipfw.. not sure on the dynamic
rules part though.

hope this helps,

Michael Ross 
satare@optusnet.com.au

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message