From owner-freebsd-questions  Thu Jun  6  5:11:24 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from axel.truedestiny.net (a185066.upc-a.chello.nl [62.163.185.66])
	by hub.freebsd.org (Postfix) with ESMTP id 6184C37B403
	for <questions@freebsd.org>; Thu,  6 Jun 2002 05:11:19 -0700 (PDT)
Received: by axel.truedestiny.net (Postfix, from userid 1000)
	id 9750E49AB2; Thu,  6 Jun 2002 14:11:21 +0200 (CEST)
Date: Thu, 6 Jun 2002 14:11:21 +0200
From: Axel Scheepers <axel@axel.truedestiny.net>
To: Mark-Nathaniel Weisman <mark@outlander.us>
Cc: questions@freebsd.org
Subject: Re: active ftp on ipfw and natd?
Message-ID: <20020606141121.E67863@mars.thuis>
Reply-To: Axel Scheepers <axel@axel.truedestiny.net>
References: <B9245387.5BC9%mark@outlander.us>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <B9245387.5BC9%mark@outlander.us>; from mark@outlander.us on Wed, Jun 05, 2002 at 11:47:19PM -0800
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Wed, Jun 05, 2002 at 11:47:19PM -0800, Mark-Nathaniel Weisman wrote:
> List,
>   I was looking through the archives, and it would seem that a potential
> solution for my problem is punch_fw? I haven't read the man about it yet,
> however, I'm trying to run an active ftp connection through a natd/ipfw box
> to my webserver, I've got ports 20 and 21 open, and yet I can't seem to
> connect through the box, any assistance would be greatly appreciated, and
> yes I will go and read the man file on this. ;-)
> 
> His Faithful Servant,
> Mark Weisman
> 
> 
Hi Mark,

I think you have to open up ports 49152-65535 too for ftp to work;
also check these:
02:10pm axel@mars:~ $sysctl -a | grep range
net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535

If you want that hole to be less big.

Gr,
- 
Axel Scheepers
UNIX System Administrator

email: axel@axel.truedestiny.net
       a.scheepers@iae.nl
http://axel.truedestiny.net/~axel
------------------------------------------
Seminars, n.:
	From "semi" and "arse", hence, any half-assed discussion.
------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message