Date: Thu, 18 Jan 2001 16:51:32 -0600 (CST)
From: Brennan Stehling
To: Matthew Emmerton
Cc: MuratBSD, Freebsd-Questions
Subject: Re: ftp apps and nat

Have you tried passive voice mode for ftp?  That may be an obvious solution
but it may be worth checking.  Typically you have to use that through a
firewall.

Brennan Stehling - software developer and system administrator
my projects:
home.offwhite.net (free personal hosting)
www.greasydaemon.com (bsd search)
beta.mymilwaukee.com (initial mockup)
beta.sncalumni.com (initial mockup)

On Thu, 18 Jan 2001, Matthew Emmerton wrote:

>
> I don't think you've got your port ranges specified properly.  (You
> shouldn't use two dashes in a range.  I believe natd will just take the last
> range specified, which would have been 21-23, meaning that your ftp (21), ssh
> (22) and telnet (23) would have been redirected, but ftp-data (20) would
> not.)
>
> Try this instead:
>
> redirect_port tcp 10.100.100.1:20-21 20-21
> redirect_port tcp 10.100.100.1:23 23
>
> --
> Matt Emmerton
>
> > At worst you may need to type passive at the prompt after you log in,
> > before you run any commands.  But I'm no firewall guru, and someone else
> > might spot a fix somewhere for your rules.
> >
> > MuratBSD wrote:
> >
> > > Hi
> > >
> > > I implemented a NAT daemon and firewall (IPFW) with a FreeBSD 4.2 stable and
> > > I didn't have any successful operation with ftp client, my firewall and nat
> > > options are below. I can logon to ftp server but my commands are not working
> > >
> > > Please help me
> > >
> > > // NAT options //
> > >
> > > unregistered_only
> > > alias_address 195.155.33.55
> > > log
> > > redirect_port tcp 10.100.100.1:20-21-23 20-21-23
> > > dynamic
> > > same_ports
> > >
> > > //------------//
> > >
> > > // Firewall rules //
> > >
> > > 00020 1849175 1088830170 divert 8668 ip from any to any via fxp1
> > > 00030 5584 609962 allow ip from any to any via lo0
> > > 00040 3453531 2146965479 allow tcp from any to any established
> > > 00060 0 0 deny ip from any to 127.0.0.0/8
> > > 00200 39614 1880048 allow tcp from any to any 80 setup
> > > 00201 0 0 allow tcp from any 80 to any
> > > 00202 8 480 allow tcp from any to any 80
> > > 00250 2 80 allow tcp from any 21 to any
> > > 00255 665 31580 allow tcp from any to any 21
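
A small linter for the redirect_port lines discussed in this thread, added here as an example and not code from any of the posters or from natd. It assumes the simple form in the natd(8) synopsis (proto, targetIP:port[-port], [aliasIP:]port[-port], optional remote field left unchecked); the function names and the last sample line are made up, and it does not model what natd itself does with a malformed range.

```python
import re

PORTS = r"(\d{1,5})(?:-(\d{1,5}))?"   # one port or one lo-hi range; "20-21-23" fails
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
TARGET = re.compile(rf"^{IPV4}:{PORTS}$")        # targetIP:targetPORT[-targetPORT]
ALIAS = re.compile(rf"^(?:{IPV4}:)?{PORTS}$")    # [aliasIP:]aliasPORT[-aliasPORT]

def _span(m):
    lo = int(m.group(1))
    return lo, int(m.group(2) or lo)

def check_redirect_port(line):
    """Return the problems found in one redirect_port line (empty list = ok)."""
    f = line.split()
    if len(f) not in (4, 5) or f[0] != "redirect_port":
        return ["expected: redirect_port proto target alias [remote]"]
    problems = []
    if f[1] not in ("tcp", "udp"):
        problems.append(f"unknown protocol {f[1]!r}")
    t, a = TARGET.match(f[2]), ALIAS.match(f[3])
    if not t:
        problems.append(f"malformed target {f[2]!r}")
    if not a:
        problems.append(f"malformed alias {f[3]!r}")
    if t and a:
        (tlo, thi), (alo, ahi) = _span(t), _span(a)
        if not (0 < tlo <= thi <= 65535 and 0 < alo <= ahi <= 65535):
            problems.append("port range out of order or out of bounds")
        elif thi - tlo != ahi - alo:
            problems.append("target and alias ranges differ in size")
    return problems

def lint(conf):
    """Map line number -> problems for every redirect_port line in conf."""
    return {n: p for n, line in enumerate(conf.splitlines(), 1)
            if line.split()[:1] == ["redirect_port"]
            and (p := check_redirect_port(line))}

# Constructed sample: lines 1-4 are taken from the thread, line 5 is made up.
SAMPLE = """\
alias_address 195.155.33.55
redirect_port tcp 10.100.100.1:20-21-23 20-21-23
redirect_port tcp 10.100.100.1:20-21 20-21
redirect_port tcp 10.100.100.1:23 23
redirect_port tcp 10.100.100.1:20-21 2020
"""
if __name__ == "__main__":
    print(lint(SAMPLE))
```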