Date: Thu, 18 Jan 2001 16:51:32 -0600 (CST)
From: Brennan Stehling <brennan@offwhite.net>
To: Matthew Emmerton <matt@gsicomp.on.ca>
Cc: MuratBSD <muratbsd@softhome.net>, Freebsd-Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: ftp apps and nat
Message-ID: <Pine.BSF.4.21.0101181650520.14347-100000@home.offwhite.net>
In-Reply-To: <010101c08192$95c46ba0$1200a8c0@gsicomp.on.ca>
Have you tried passive voice mode for ftp? That may be an obvious solution
but it may be worth checking. Typically you have to use that through a
firewall.
Brennan Stehling - software developer and system administrator
my projects:
home.offwhite.net (free personal hosting)
www.greasydaemon.com (bsd search)
beta.mymilwaukee.com (initial mockup)
beta.sncalumni.com (initial mockup)
On Thu, 18 Jan 2001, Matthew Emmerton wrote:
>
> I don't think you've got your port ranges specified properly. (You
> shouldn't use two dashes in a range. I believe natd will just take the last
> range specified, which would have been 21-23, meaning that your ftp (21), ssh
> (22) and telnet (23) would have been redirected, but ftp-data (20) would
> not.)
>
> Try this instead:
>
> redirect_port tcp 10.100.100.1:20-21 20-21
> redirect_port tcp 10.100.100.1:23 23
>
> --
> Matt Emmerton
>
> > At worst you may need to type passive at the prompt after you log in,
> > before you run any commands. But I'm no firewall guru, and someone else
> > might spot a fix somewhere for your rules.
> >
> > MuratBSD wrote:
> >
> > > Hi
> > >
> > > I implemented a NAT daemon and firewall (IPFW) with a FreeBSD 4.2 stable and
> > > I didn't have any successful operation with ftp client, my firewall and nat
> > > options are below. I can logon to ftp server but my commands are not working
> > >
> > > Please help me
> > >
> > > // NAT options //
> > >
> > > unregistered_only
> > > alias_address 195.155.33.55
> > > log
> > > redirect_port tcp 10.100.100.1:20-21-23 20-21-23
> > > dynamic
> > > same_ports
> > >
> > > //------------//
> > >
> > >
> > >
> > > // Firewall rules //
> > >
> > > 00020 1849175 1088830170 divert 8668 ip from any to any via fxp1
> > > 00030 5584 609962 allow ip from any to any via lo0
> > > 00040 3453531 2146965479 allow tcp from any to any established
> > > 00060 0 0 deny ip from any to 127.0.0.0/8
> > > 00200 39614 1880048 allow tcp from any to any 80 setup
> > > 00201 0 0 allow tcp from any 80 to any
> > > 00202 8 480 allow tcp from any to any 80
> > > 00250 2 80 allow tcp from any 21 to any
> > > 00255 665 31580 allow tcp from any to any 21
>
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
