From owner-freebsd-questions  Fri Dec 28  7:28:54 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.broadpark.no (mail.broadpark.no [217.13.4.2])
	by hub.freebsd.org (Postfix) with ESMTP id 9C40337B41A
	for <freebsd-questions@freebsd.org>; Fri, 28 Dec 2001 07:28:50 -0800 (PST)
Received: from ninja.amphex.com (ninja.amphex.com [217.13.29.51])
	by mail.broadpark.no (Postfix) with SMTP id 77D318016
	for <freebsd-questions@freebsd.org>; Fri, 28 Dec 2001 16:28:49 +0100 (MET)
Date: Fri, 28 Dec 2001 16:28:48 +0100
From: Johann Sharizan <johann@broadpark.no>
To: freebsd-questions@freebsd.org
Subject: Passive FTP/DCC behind a NAT-modem -- What ports do they go through?
Message-Id: <20011228162848.7f49a089.johann@broadpark.no>
X-Mailer: Sylpheed version 0.6.5 (GTK+ 1.2.10; i386--freebsd4.4)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Hello again,

Anyone here with an Cisco 677i-DIR ADSL-router running NAT between you and
you ISP. Which happens to requires a port redirection entry through telnet
each time you want to open a new port?

All ordinary daemons; SSHD, FTPD, BIND, Apache etc. works great;

ftpd/sshd:      set nat entry add 10.0.0.2 20-22 0.0.0.0 20-22 tcp
www:            set nat entry add 10.0.0.2 80 0.0.0.0 80 tcp
bind:           set nat entry add 10.0.0.2 53 0.0.0.0 53 tcp
identd:         set nat entry add 10.0.0.2 113 0.0.0.0 113 tcp

I'm a bit uncertain, however, when it comes to opening a port or range of ports
to get passive FTP mode working on my virtual ProFTPD server (port 2001), as well
as DCC in Irssi. I've heard those services go through the IANA-registered
ephemeral port-range (49152-65535);

sysctl net.inet.ip.portrange.hifirst
      /net.inet.ip.portrange.hilast

So I went ahead opening those ports as well. Just about to close them
though. Passive and DCC is not working. Incoming DCC file transfers are,
according to Irssi, coming from ports way lower -- i.e. 4384.

What do I open and what do I not?

Thanks.

Regards,
Johann

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message