From owner-freebsd-questions@FreeBSD.ORG  Thu Oct 13 15:32:40 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9674F16A420
	for <freebsd-questions@freebsd.org>;
	Thu, 13 Oct 2005 15:32:40 +0000 (GMT) (envelope-from cswiger@mac.com)
Received: from pi.codefab.com (pi.codefab.com [199.103.21.227])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 416D443D46
	for <freebsd-questions@freebsd.org>;
	Thu, 13 Oct 2005 15:32:39 +0000 (GMT) (envelope-from cswiger@mac.com)
Received: from localhost (localhost [127.0.0.1])
	by pi.codefab.com (Postfix) with ESMTP id 8F0375EC4;
	Thu, 13 Oct 2005 11:32:38 -0400 (EDT)
Received: from pi.codefab.com ([127.0.0.1])
	by localhost (pi.codefab.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 82785-09; Thu, 13 Oct 2005 11:32:29 -0400 (EDT)
Received: from [192.168.1.3] (pool-68-161-76-130.ny325.east.verizon.net
	[68.161.76.130])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by pi.codefab.com (Postfix) with ESMTP id 260745C70;
	Thu, 13 Oct 2005 11:32:29 -0400 (EDT)
Message-ID: <434E7E0F.3070304@mac.com>
Date: Thu, 13 Oct 2005 11:32:31 -0400
From: Chuck Swiger <cswiger@mac.com>
Organization: The Courts of Chaos
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
	rv:1.7.12) Gecko/20050915
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Efren Bravo <efrenba@dhl.co.cu>
References: <WorldClient-F200510131114.AA14000055@dhl.co.cu>
In-Reply-To: <WorldClient-F200510131114.AA14000055@dhl.co.cu>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at codefab.com
Cc: freeBSD <freebsd-questions@freebsd.org>
Subject: Re: ftp problem -ipfw with natd
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Oct 2005 15:32:40 -0000

Efren Bravo wrote:
> Hi,
> 
> I've problem with ipfw with natd to access from internal network to
> internet ftp sites. From fbsd box i can access to ftp sites.
> 
> vr0 = out interface
> 6.34.60.15 = mi pc (winXP)
> 8668 = natd <== Why on this rule ntad is tranlated to 8668?
> 
> My rules:
> ---------
> ...
> 00070 divert 8668 ip from any to any in via vr0

8668 is a local port which is commonly used for IPFW to redirect or divert 
traffic to natd, which is listening there.  You can change IPFW and natd to use 
another port number, which can even be useful if you want to run two copies of 
natd.

Anyway, to get FTP to work right through natd, you either need to use PASV 
(passive-mode FTP), or you need to put a punch_fw rule in your natd config 
file, like so:

punch_fw 10000:1000

...where 10000 is the starting rule number, and may need to be adjusted 
depending on your IPFW ruleset.

-- 
-Chuck