Date: Tue, 11 Jan 2011 16:06:14 -0700 (MST)
From: Brett Glass
Message-Id: <201101112306.QAA29979@lariat.net>
To: net@freebsd.org
Subject: IPFW firewall NAT and active FTP
List-Id: Networking and TCP/IP with FreeBSD

I'm working with a customer who has a FreeBSD 8.0 firewall, set up with firewall NAT in IPFW. It uses one-to-one static NAT to redirect FTP sessions originating on the outside to an FTP server on the inside. The FTP server is accessible via text-based FTP clients, but not via Web-based clients such as Mozilla Firefox or Internet Explorer. The internal FTP server is also a FreeBSD machine.

He's wondering if the problem has to do with the lack of a "firewall punching" setting (which exists in natd but not in IPFW's built-in NAT). Can anyone suggest what might be causing the problem?

--Brett Glass