From: Andras Kende
Date: Sat, 24 May 2003 11:17:45 -0700
To: Niklas Saers Mailinglistaccount, freebsd-questions@freebsd.org
In-reply-to: <20030524120545.P53897@doriath.saers.com>
Subject: RE: natd & passive FTP not working

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Niklas Saers Mailinglistaccount
Sent: Saturday, May 24, 2003 3:18 AM
To: freebsd-questions@freebsd.org
Subject: natd & passive FTP not working

Hi,

I'm running a FreeBSD firewall and have a FTP server on the inside of this (the firewall is the outer firewall of a dmz, and yes, I need the FTP).
My problem is that passive connections from the outside seem to die, but active connections live. I wasn't expecting active connections to live, but I don't mind that. But please, how do I connect with passive FTP? This is what happens from an outside box:

$ ftp ftp://user:pass@193.212.204.46:/
Connected to 193.212.204.46.
220 www.registrar.no FTP server (Version 6.00LS) ready.
331 Password required for user.
230 User user logged in, access restrictions apply.
200 Type set to I.
250 CWD command successful.
ftp> ls
ftp: connect: Operation timed out
ftp> passive
Passive mode off.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for '/bin/ls'.
total 12
drwxr-xr-x 2 user users 512 May 17 16:10 bin
226 Transfer complete.
ftp>

My firewall has the following in its natd.config:

interface fxp0
punch_fw 9000:800
deny_incoming yes
log_ipfw_denied yes
log yes
redirect_port tcp 192.168.1.10:20 193.212.204.46:20
redirect_port tcp 192.168.1.10:21 193.212.204.46:21
redirect_port udp 192.168.1.10:20 193.212.204.46:20
redirect_port udp 192.168.1.10:21 193.212.204.46:21

My fxp0 has IP 193.212.204.46 and my fxp2 has IP 192.168.1.1

My firewall rules are for the moment:

00100 51820 26378787 divert 8668 ip from any to any via fxp0
00200 179730 75469049 allow ip from any to any

(I'll tighten them more as soon as I've got all of this running. But I figure natd takes most already)

So again, how do I make passive FTP work for this setup?

Cheers
Nik

______________________________________________________________________________

Hello Nik,

I would try something like:

Firewall:
redirect_port tcp 192.168.1.10:51000-51999 193.212.204.46:51000-51999

FTP server:
Proftpd config:
PassivePorts 51000 51999

Look for details here:
http://slacksite.com/other/ftp.html
http://slacksite.com/other/ftp-appendix1.html

Best regards,

Andras Kende

______________________________________________________________________________
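
Added example, not part of the original message: a Python check of why the passive `ls` times out with the posted natd.config and why the suggested port range addresses it. It parses the server's 227 reply (data port = p1 * 256 + p2) and tests that port against the redirect_port lines; the 227 reply is a constructed sample and the function names are hypothetical.

```python
import ipaddress
import re

# redirect_port lines from the thread: the posted config, then the suggested addition.
POSTED = """\
redirect_port tcp 192.168.1.10:20 193.212.204.46:20
redirect_port tcp 192.168.1.10:21 193.212.204.46:21
"""
SUGGESTED = POSTED + "redirect_port tcp 192.168.1.10:51000-51999 193.212.204.46:51000-51999\n"

PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def forwarded_tcp_ranges(conf, public_ip):
    """Public TCP port ranges that the redirect_port lines forward for public_ip."""
    ranges = []
    for line in conf.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] != "redirect_port" or f[1] != "tcp":
            continue
        ip, _, ports = f[3].rpartition(":")  # the alias address is optional
        if ip and ip != public_ip:
            continue
        lo, _, hi = ports.partition("-")
        ranges.append((int(lo), int(hi or lo)))
    return ranges

def parse_pasv(reply):
    """Return (host, port) from a 227 reply; port = p1 * 256 + p2 (RFC 959)."""
    m = PASV_RE.match(reply)
    n = [int(x) for x in m.groups()] if m else []
    if not n or max(n) > 255:
        raise ValueError("not a valid 227 passive-mode reply")
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def check_pasv(reply, conf, public_ip):
    """List reasons an outside client's data connection would fail (empty = none found)."""
    host, port = parse_pasv(reply)
    problems = []
    if ipaddress.ip_address(host).is_private:
        problems.append(f"{host} is a private address")
    if not any(lo <= port <= hi for lo, hi in forwarded_tcp_ranges(conf, public_ip)):
        problems.append(f"tcp/{port} is not covered by any redirect_port line")
    return problems

if __name__ == "__main__":
    reply = "227 Entering Passive Mode (193,212,204,46,199,100)"  # constructed sample
    for name, conf in (("posted", POSTED), ("suggested", SUGGESTED)):
        print(name, check_pasv(reply, conf, "193.212.204.46") or "ok")
```

The check only passes if the FTP server is also restricted to the same range (the PassivePorts 51000 51999 line in the reply); otherwise it may pick a data port outside the forwarded range.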