From owner-freebsd-hackers Tue Feb 4 07:02:54 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id HAA19569 for hackers-outgoing; Tue, 4 Feb 1997 07:02:54 -0800 (PST)
Received: from plains.nodak.edu (tinguely@plains.NoDak.edu [134.129.111.64]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id HAA19564 for ; Tue, 4 Feb 1997 07:02:49 -0800 (PST)
Received: (from tinguely@localhost) by plains.nodak.edu (8.8.4/8.8.3) id JAA12296; Tue, 4 Feb 1997 09:02:32 -0600 (CST)
Date: Tue, 4 Feb 1997 09:02:32 -0600 (CST)
From: Mark Tinguely
Message-Id: <199702041502.JAA12296@plains.nodak.edu>
To: chris@mail.bb.cc.wa.us
Subject: Re: IPFILTER
Cc: hackers@FreeBSD.org
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

I used the ftp proxy that comes with the FireWall Tool Kit (FWTK).
The FWTK's ftp proxy does not allow for local ftp connections, so I
placed the proxy at port 1026 and left the standard ftpd at port 21.

I added to /etc/services:

    ftp-gw          1026/tcp   #File Transfer [Control]
    ftp-gw          1026/udp   #File Transfer [Control]

I changed the NAT rules to:

    # file known as /etc/nat_rule
    #
    map ppp0 10.1.0.0/24 -> XXXXXXXX/32 portmap tcpudp 1027:20000
    #
    # Redirection is triggered for input packets.
    # For example, to redirect FTP connections through this box, to the local ftp
    # port, forcing them to connect through a proxy, you would use:
    #
    rdr ed0 0.0.0.0/0 port ftp -> 127.0.0.1 port 1026

in this way, I can ftp to the NAT machine from the internet all the time
and from the hidden net whenever NAT is not active.

to get the FWTK:

    echo "send" | mail fwtk-request@tis.com

this will respond with a time sensitive ftp directory from which you can
download the software.

--mark.
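
A consistency check for the configuration in the message above, as an added example that is not part of the original post or of IP Filter. It parses only the two rule forms quoted there (`map ... portmap` and `rdr ... port`), resolves service names against /etc/services-style text, and reports a redirect whose target port falls inside the portmap range (the message keeps 1026 just below 1027:20000); the `ftp 21/tcp` line and all function names are constructed for the example.

```python
import re

# Constructed inputs: rule and services lines in the forms quoted in the message.
SERVICES = """\
ftp 21/tcp
ftp-gw 1026/tcp #File Transfer [Control]
ftp-gw 1026/udp #File Transfer [Control]
"""
NAT_RULES = """\
# file known as /etc/nat_rule
map ppp0 10.1.0.0/24 -> XXXXXXXX/32 portmap tcpudp 1027:20000
rdr ed0 0.0.0.0/0 port ftp -> 127.0.0.1 port 1026
"""
# Only these two rule shapes are handled; anything else is reported as unparsed.
MAP_RE = re.compile(r"map\s+\S+\s+\S+\s+->\s+\S+\s+portmap\s+\S+\s+(\d+):(\d+)$")
RDR_RE = re.compile(r"rdr\s+\S+\s+\S+\s+port\s+(\S+)\s+->\s+(\S+)\s+port\s+(\S+)$")

def load_services(text):
    """Return {service name: port} from /etc/services-style lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            table.setdefault(fields[0], int(fields[1].split("/")[0]))
    return table

def to_port(token, services):
    # Numeric port or service name; None when the name is not in services.
    return int(token) if token.isdigit() else services.get(token)

def audit(rules_text, services_text):
    """Return (redirects, findings) for the given rule and services text."""
    services = load_services(services_text)
    ranges, redirects, findings = [], [], []
    for raw in rules_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if m := MAP_RE.match(line):
            ranges.append((int(m[1]), int(m[2])))
        elif m := RDR_RE.match(line):
            redirects.append((to_port(m[1], services), m[2], to_port(m[3], services)))
        else:
            findings.append(f"unparsed rule: {line}")
    for from_port, to_ip, dst_port in redirects:
        if from_port is None or dst_port is None:
            findings.append("redirect uses a service name missing from services")
        elif any(lo <= dst_port <= hi for lo, hi in ranges):
            findings.append(f"redirect target {dst_port} is inside a portmap range")
    return redirects, findings
```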