Date: Sun, 17 May 2009 23:05:44 +0200
From: Patrick Lamaizière <patfbsd@davenulle.org>
To: alexus <alexus@gmail.com>
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: ipnat port-range
Message-ID: <20090517230544.7e0a8170@baby-jane.lamaiziere.net>
In-Reply-To: <6ae50c2d0905171316y6a5ef955u3517366d71229e70@mail.gmail.com>
References: <6ae50c2d0905130958r6877114bgbea6a4f717c1287d@mail.gmail.com> <6ae50c2d0905131109j7d61075ao1a0b329a1b2fd122@mail.gmail.com> <991123400905132259n2e99fa40g9ef9c18514ab0637@mail.gmail.com> <4A0F1724.50205@telia.com> <6ae50c2d0905171316y6a5ef955u3517366d71229e70@mail.gmail.com>

On Sun, 17 May 2009 16:16:51 -0400, alexus <alexus@gmail.com> wrote:

> I don't see how things are obvious for you as they are not so obvious for
> me. First of all, my ipf default policy is to allow everything.
>
> So the original question is for ipnat and not for ipf.
>
> Now for non-passive (active) I put in these rules:
>
> rdr bce0 0/0 port ftp-data -> lama port ftp-data tcp
> rdr bce0 0/0 port ftp -> lama port ftp tcp
>
> and for pasv I still don't know what to do.
>
> I've tried
>
> rdr bce0 0/0 port 49152-65534 -> lama port 65534
>
> and in my ftp I said that this is the range for pasv connections.

I don't think there is a way to redirect a port range to a port range
with ipnat.

For my ftp server I redirect each port (I use 30000 to 30039 for FTP)
with a rule:

rdr vr0 0.0.0.0/0 port 21 -> 192.168.1.4 port 21
rdr vr0 0.0.0.0/0 port 30000 -> 192.168.1.4 port 30000
rdr vr0 0.0.0.0/0 port 30001 -> 192.168.1.4 port 30001
...
rdr vr0 0.0.0.0/0 port 30038 -> 192.168.1.4 port 30038
rdr vr0 0.0.0.0/0 port 30039 -> 192.168.1.4 port 30039

For ipnat see
http://www.westworks.ch/~chris/netbsd/NetBSD-NAT-FTP-server.html

Regards.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090517230544.7e0a8170>
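
Added example (not part of the original message): a small sh function that generates the one-rule-per-port list described in the reply, so the 41 lines do not have to be typed by hand. The rule text, interface vr0, address 192.168.1.4 and ports 21 and 30000 to 30039 are taken from the message; the function names and argument order are assumptions of this example.

```shell
#!/bin/sh
# Emit one ipnat rdr rule per port, in the rule form quoted in the message.
# gen_rdr_rules IFACE TARGET FIRST LAST  (hypothetical helper, not an ipnat tool)
gen_rdr_rules() {
    iface=$1 target=$2 first=$3 last=$4

    # Accept only plain decimal port numbers (no sign, no leading zero).
    for p in "$first" "$last"; do
        case $p in
            ''|0*|*[!0-9]*) echo "not a port number: $p" >&2; return 1 ;;
        esac
        if [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done
    if [ "$first" -gt "$last" ]; then
        echo "empty range: $first-$last" >&2; return 1
    fi

    # One redirect per port, external port N to the same port N on the target,
    # so only the ports the FTP server actually uses are forwarded.
    port=$first
    while [ "$port" -le "$last" ]; do
        echo "rdr $iface 0.0.0.0/0 port $port -> $target port $port"
        port=$((port + 1))
    done
}

# FTP control connection, then the 40 passive-mode data ports from the message.
gen_ftp_rules() {
    gen_rdr_rules vr0 192.168.1.4 21 21 &&
    gen_rdr_rules vr0 192.168.1.4 30000 30039
}

gen_ftp_rules
```

Redirect the output to a file and review it before loading it with `ipnat -f`. The forwarded range has to be the same passive port range the FTP server is configured to hand out.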