Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 30 May 2002 22:38:31 +0200
From:      Paul Everlund <tdv94ped@cs.umu.se>
To:        freebsd-questions@freebsd.org
Subject:   FreeBSD NAT/ProFTPd vs Win2k ICS/FTP-client
Message-ID:  <3CF68DC7.B9F2B497@cs.umu.se>
next in thread | raw e-mail | index | archive | help 
Hi everyone!

I have a question I hope someone here can answer.

The setup is like this:

FreeBSD/ProFTPd  FreeBSD/IPFW/NAT/PPPoE/ADSL
192.168.0.5 <--- 192.168.0.1/aaa.bbb.ccc.ddd <--- Internet <---

               Win2k/ICS              Win2k/FTP-klient
<--- www.xxx.yyy.zzz/192.168.0.x <--- 192.168.0.218

I do a NAT redirect like this (natd.conf):
redirect_port   tcp     192.168.0.5:2121        2121

ProFTPd is listening on port 2121, and the FTP-client is con-
necting to aaa.bbb.ccc.ddd:2121.

The firewall works for other hosts connecting to my FTP-server,
so it should work for this too.

When 192.168.0.218 connects I see following in my ProFTPd log:

*.net[www.xxx.yyy.zzz]) - FTP session opened.
May 28 19:42:51 freebsd proftpd[4403]: *.homeip.net
       (*.net[www.xxx.yyy.zzz]) - USER abc: Login successful.
May 28 19:42:52 freebsd proftpd[4403]: *.homeip.net
       (*.net[www.xxx.yyy.zzz]) - Refused PORT
       192,168,0,218,12,209 (address mismatch).
May 28 19:43:03 freebsd proftpd[4403]: *.homeip.net
       (*.net[www.xxx.yyy.zzz]) - FTP session closed.

One can clearly see that the connecting computers internal
IP-address, 192.168.0.218, shows up instead of www.xxx.yyy.zzz,
and this results in an error.
If the address would have been 192.168.0.218 right after it
have been NAT:ed on tun0, it would have been stopped by my
ipfw rules, as nothing is allowed to come in to tun0 that is
a private network.

How can this be solved? Is the solution in my FreeBSD NAT setup,
or at the Win2k ICS setup, or maybe in the FTP-client?

More info if needed can be provided.

Thanks a lot in advance for anyone taking time to write back!

Best regards,
Paul

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3CF68DC7.B9F2B497>