Date: Mon, 17 Jan 2000 06:11:02 -0500
From: Ben Williams <williamsl@Home.Com>
To: FreeBSD questions <freebsd-questions@freebsd.org>
Subject: Private network + IP-Filter + IP-NAT + internal ftpd
Message-ID: <12257.000117@Home.Com>
Monday, January 17, 2000

As the subject suggests I am connected to the internet from a private network (192.168.0.0 address space) through a FreeBSD 3.2-RELEASE box with two NICs (one for the inside, one for the out) which is running ipf (IP-Filter, http://coombs.anu.edu.au/~avalon/ip-filter.html) and ipnat to get me out.

What I want to do now is set up an ftp server on one of my internal boxes to be reachable by someone else on the net behind an unknown firewall. I am on the @Home network and as such I cannot run daemons on their standard < 1023 ports due to some questionable network policies decreed by @Home, so I have to redirect some_high_port on the external interface to my ftp port on the internal machine to get connections to the server.

This works well for someone NOT behind a firewall using active ftp sessions. Passive ftp sessions break, possibly due to the fact that ipnat doesn't know it's dealing with an ftp connection and libalias can't take the appropriate steps to ensure the FTP connection goes through. This does not work at all for someone behind a firewall because the PORT command chokes with a "530 Only client IP..", PASV breaks because you can't route 192.168.0.0 on the net, and if I tell the server to issue the outside address for PASV it fails as well because my NAT box doesn't know it's speaking FTP.

I need to know how to either hack libalias to acknowledge FTP connections on a non-standard port, how to set up ipf/ipnat rules to enable either active or passive FTP connections on a non-standard port, or any other way I could get this setup working without putting the outside port number down where it belongs. I have already perused the list archives and I haven't found much helpful info for getting back in on redirected (non-standard) ports for FTP.
TIA,

-- 
Ben
mailto:williamsl@Home.Com

PS -- If anyone has any pointers on getting ICQ to do direct connections (chat, file x-fer, etc) in the same configuration ( myhost <-> NAT <-> 'net <-> firewall <-> otherhost ) I would appreciate any info you can give me!
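The passive-mode failure the message describes, as an added illustration that is not part of the original post and is not IPFilter, ipnat or libalias code. It models the two things the problem turns on: an FTP application-level gateway only inspects control connections on the ports it has been told are FTP (21 by default), and when it does recognise one it rewrites the private address in the 227 reply and opens a redirect for the data port. The inside server 192.168.0.5, the outside address 203.0.113.10 and the redirected control port 2121 are constructed sample values, and the class name and methods are hypothetical.

```python
import re

# Matches the host/port tuple in a "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply.
PASV_RE = re.compile(r"227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


class FtpAlg:
    """Minimal FTP application-level gateway for a server behind NAT.

    Hypothetical stand-in for the FTP handling in libalias/ipnat; it models
    only which control ports count as FTP and the rewriting of the private
    address advertised in PASV replies.
    """

    def __init__(self, inside_addr, outside_addr, ftp_ports=(21,)):
        self.inside_addr = inside_addr      # the internal ftpd (constructed value)
        self.outside_addr = outside_addr    # the NAT box's public address (constructed)
        # Control ports the ALG inspects.  Like libalias, only 21 by default, so
        # a session redirected from a high port is invisible unless added here.
        self.ftp_ports = set(ftp_ports)
        # Data-channel redirects learnt from PASV replies: outside port -> (addr, port)
        self.data_rdr = {}

    def is_ftp_control(self, control_port):
        return control_port in self.ftp_ports

    @staticmethod
    def _decode(groups):
        addr = ".".join(groups[:4])
        port = int(groups[4]) * 256 + int(groups[5])
        return addr, port

    @staticmethod
    def _encode(addr, port):
        return ",".join(addr.split(".") + [str(port // 256), str(port % 256)])

    def server_to_client(self, control_port, line):
        """Process one control-channel line travelling from server to client.

        Returns the line the outside client should see.  Only 227 replies on a
        recognised FTP control port are rewritten; everything else passes as is.
        """
        if not self.is_ftp_control(control_port):
            return line                     # the post's failure mode: 192.168.x.x leaks out
        m = PASV_RE.search(line)
        if m is None:
            return line
        addr, port = self._decode(m.groups())
        if addr != self.inside_addr:
            return line                     # not our server; leave it alone
        # Open a temporary redirect so the client's data connection to
        # outside_addr:port reaches the internal server (1:1 port kept for clarity).
        self.data_rdr[port] = (addr, port)
        new_tuple = self._encode(self.outside_addr, port)
        return line[:m.start(1)] + new_tuple + line[m.end(6):]

    def route_data_connection(self, outside_port):
        """Where an inbound TCP connection to outside_addr:outside_port should go."""
        return self.data_rdr.get(outside_port)


if __name__ == "__main__":
    reply = "227 Entering Passive Mode (192,168,0,5,19,137)\r\n"   # constructed sample
    # ALG taught about the redirected control port: the reply is fixed up.
    alg = FtpAlg("192.168.0.5", "203.0.113.10", ftp_ports=(21, 2121))
    print(alg.server_to_client(2121, reply).strip())
    print(alg.route_data_connection(19 * 256 + 137))
    # Default ALG (port 21 only): the same reply goes out untouched.
    plain = FtpAlg("192.168.0.5", "203.0.113.10")
    print(plain.server_to_client(2121, reply).strip())
```

With the default port list the 227 reply leaves the NAT box carrying 192.168.0.5, which is exactly the unroutable address the outside client then tries to connect to; telling the server to advertise the outside address instead does not help on its own, because without the gateway recognising the session no data-port redirect is ever created. Both halves have to happen on the same, non-standard control port for the passive transfer to complete.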