From owner-freebsd-questions Fri Apr 20 9:49:22 2001
Message-ID: <059401c0c9b9$7d267920$1616160a@neoone>
From: "JannaDanRich"
To: "Fernando Gleiser"
Subject: Re: IPFILTER or IPFW?
Date: Fri, 20 Apr 2001 09:46:41 -0700

Thank You,
RTFM I see .. thought I'd covered everything the first time thru
sorry, and thanks again
Rich

----- Original Message -----
From: "Fernando Gleiser"
Sent: Friday, April 20, 2001 7:59 AM
Subject: RE: IPFILTER or IPFW?

>
> Please wrap your lines at 70 chars.
>
> On Fri, 20 Apr 2001, JannaDanRich wrote:
>
> > I did read somewhere that ipnat could not read from drive when kern security
> > level was set to 2 .. which is of course the level at which one might
> > expect me to set my firewall box? (this, from the best that I could
> > understand was "wouldn't allow me to change rules dynamically
> > .. therefore I rebooted machine with pass out all / pass in
> > all") IPNAT works fine, and gives me no worries, except for FTP .. I
> > found no other info about this
>
> In normal mode, the ftp server needs to make an incoming connection to
> the client. If your clients are being NATed, the server sees the connection
> coming from the NAT box, and tries to make the data connection to that
> box. That's why ftp doesn't work behind a pure NAT box.
>
>
> To make it work, you need to enable ipnat's built-in ftp proxy. Just add
> the following line at the top of your ipnat configuration file.
>
> map xl0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp
>
> (Change the interface name and the internal network addr to match yours)
>
> For further info, read the HOWTO (http://www.obsfuscation.org/ipfilter)
>
>
> Fer
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
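
The failure and the fix described in the quoted reply, as an added example that is not part of the original thread and is not ipnat's own code: a toy model of what an FTP helper on a NAT box does to a client's PORT command. The class name `FtpNatHelper`, the addresses, the port range and the rule of accepting only a PORT that names the client itself on an unprivileged port are assumptions of this example.

```python
import ipaddress
import re

# Active-mode FTP: the client sends "PORT h1,h2,h3,h4,p1,p2" on the control channel.
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")

def parse_port(line):
    """Return (IPv4Address, port) from a PORT command line, or None if it is not one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ipaddress.IPv4Address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]

def build_port(ip, port):
    """Encode (ip, port) back into a PORT command line."""
    return f"PORT {str(ip).replace('.', ',')},{port // 256},{port % 256}\r\n".encode()

class FtpNatHelper:
    """Hypothetical model of a NAT box's FTP control-channel helper."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = ipaddress.IPv4Address(public_ip)
        self.next_port = first_port
        self.mappings = {}  # public port -> (internal ip, internal port)

    def outbound(self, client_ip, line):
        """Rewrite a control-channel line travelling from an internal client to the server."""
        parsed = parse_port(line)
        if parsed is None:
            return line  # not a PORT command: pass through unchanged
        ip, port = parsed
        # Assumed policy: the data connection may only be mapped back to the client itself.
        if ip != ipaddress.IPv4Address(client_ip) or port < 1024:
            raise ValueError("PORT target rejected")
        public_port = self.next_port
        self.next_port += 1
        self.mappings[public_port] = (ip, port)  # where the server's data connection goes
        return build_port(self.public_ip, public_port)

if __name__ == "__main__":
    nat = FtpNatHelper("203.0.113.5")  # constructed public address
    # Constructed sample: without the rewrite the server would be told to dial 192.168.0.10.
    print(nat.outbound("192.168.0.10", b"PORT 192,168,0,10,19,137\r\n"))
    print(nat.mappings)
```
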