From owner-freebsd-net@FreeBSD.ORG  Wed Jan 12 06:15:02 2011
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 6326D106566C
	for <net@freebsd.org>; Wed, 12 Jan 2011 06:15:02 +0000 (UTC)
	(envelope-from artem@aws-net.org.ua)
Received: from lazy.aws-net.org.ua (lazy.aws-net.org.ua
	[IPv6:2a00:1db0:20::828:140])
	by mx1.freebsd.org (Postfix) with ESMTP id BF3428FC16
	for <net@freebsd.org>; Wed, 12 Jan 2011 06:15:01 +0000 (UTC)
Received: from rainbow.vl.net.ua (rainbow.vl.net.ua [188.230.120.215])
	(authenticated bits=0)
	by lazy.aws-net.org.ua (8.14.3/8.14.3) with ESMTP id p0C6Es74085301
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=OK);
	Wed, 12 Jan 2011 08:14:59 +0200 (EET)
	(envelope-from artem@aws-net.org.ua)
Message-ID: <4D2D46DE.70101@aws-net.org.ua>
Date: Wed, 12 Jan 2011 08:14:54 +0200
From: Artyom Viklenko <artem@aws-net.org.ua>
Organization: Art&Co.
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; ru-RU;
	rv:1.9.2.11) Gecko/20101025 Thunderbird/3.1.5
MIME-Version: 1.0
To: Brett Glass <brett@lariat.net>
References: <201101112306.QAA29979@lariat.net>
In-Reply-To: <201101112306.QAA29979@lariat.net>
Content-Type: text/plain; charset=KOI8-U; format=flowed
Content-Transfer-Encoding: 8bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.5
	(lazy.aws-net.org.ua [188.230.120.140]);
	Wed, 12 Jan 2011 08:14:59 +0200 (EET)
Cc: net@freebsd.org
Subject: Re: IPFW firewall NAT and active FTP
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jan 2011 06:15:02 -0000

12.01.2011 01:06, Brett Glass пишет:
> I'm working with a customer who has a FreeBSD 8.0 firewall, set up with firewall
> NAT in IPFW. It uses one-to-one static NAT to redirect FTP sessions
> originating on the outside to an FTP server on the inside. The FTP server is
> accessible via text-based FTP clients, but not via Web-based clients such as
> Mozilla Firefox or Internet Explorer. The internal FTP server is also a FreeBSD
> machine.
>

Does FTP server enforces any limits for sessions per ip?
In past I saw that IE can open up to four concurrent sessions.
If plain text ftp clients works, IMHO it's not a NAT problem.
Also check config of ipfw is it supports both active and passive
FTP transfers.


> He's wondering if the problem has to do with the lack of a "firewall punching"
> setting (which exists in natd but not in IPFW's built-in NAT). Can anyone
> suggest what might be causing the problem?
>
> --Brett Glass
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"


-- 
            Sincerely yours,
                             Artyom Viklenko.
-------------------------------------------------------
artem@aws-net.org.ua | http://www.aws-net.org.ua/~artem
artem@viklenko.net   | JID: artem@jabber.aws-net.org.ua
FreeBSD: The Power to Serve   -  http://www.freebsd.org