Date: Sat, 4 Oct 2003 12:50:54 -0400 From: Adam McLaurin <adam.mclaurin@gmx.net> To: net@freebsd.org Subject: Active-mode FTP routing question Message-ID: <20031004125054.68487767.adam.mclaurin@gmx.net>
next in thread | raw e-mail | index | archive | help
--=.?YIUnT_dQ:ITTf Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 7bit Let me start off by mentioning that I do understand the FTP protocol quite well, so we can keep replies focused on firewall/routing issues, instead of re-explaining how FTP works. Second, for my software: My firewall/router is running on FreeBSD 5.1-RELEASE-p8 with ipfilter/ipnat. Here's the problem. One of the FTP servers that I visit frequently does not run on port 21. As such, I cannot use 'proxy port ftp' in ipnat to punch a hole for the returning active mode data connection (at least, I don't see any way to use it). I have two machines running behind my router, one running Windows 2000 with FlashFXP, the other FreeBSD 5.1-R with lftp. Now, lftp has an option 'ftp:port-range' to restrict the active mode ports to a specific range. However, NAT seems to translate this port, because the PORT command received by the server is NOT within the specified range. Of course, if the remote FTP admin had passive mode working, this wouldn't be any issue. However, I've been fighting with the guy for about 2 months, and he simply won't do it. So, the question is, how do I set up my ipfilter/ipnat to allow NAT'd clients to access FTP's (not on port 21) with active mode? Is it possible? I don't see any way, but maybe I'm not understanding everything here. Please CC your reply to me (adam.mclaurin@gmx.net), as I am not subscribed to this list. Thanks, Adam McLaurin --=.?YIUnT_dQ:ITTf Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/fvput+DSc2Q4lGYRAsGSAKCdIRgyIFiOsGiycztSbV3uyDaOVACffxwP h0W639ESU0knl5iCJjxFG/k= =VFeM -----END PGP SIGNATURE----- --=.?YIUnT_dQ:ITTf--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031004125054.68487767.adam.mclaurin>