From: Adam McLaurin
To: net@freebsd.org
Date: Sat, 4 Oct 2003 12:50:54 -0400
Subject: Active-mode FTP routing question
List-Id: Networking and TCP/IP with FreeBSD

Let me start off by mentioning that I do understand the FTP protocol quite well, so we can keep replies focused on firewall/routing issues, instead of re-explaining how FTP works.

Second, for my software: My firewall/router is running on FreeBSD 5.1-RELEASE-p8 with ipfilter/ipnat.

Here's the problem. One of the FTP servers that I visit frequently does not run on port 21.
As such, I cannot use 'proxy port ftp' in ipnat to punch a hole for the returning active mode data connection (at least, I don't see any way to use it).

I have two machines running behind my router, one running Windows 2000 with FlashFXP, the other FreeBSD 5.1-R with lftp. Now, lftp has an option 'ftp:port-range' to restrict the active mode ports to a specific range. However, NAT seems to translate this port, because the PORT command received by the server is NOT within the specified range.

Of course, if the remote FTP admin had passive mode working, this wouldn't be any issue. However, I've been fighting with the guy for about 2 months, and he simply won't do it.

So, the question is, how do I set up my ipfilter/ipnat to allow NAT'd clients to access FTP's (not on port 21) with active mode? Is it possible? I don't see any way, but maybe I'm not understanding everything here.

Please CC your reply to me (adam.mclaurin@gmx.net), as I am not subscribed to this list.

Thanks,
Adam McLaurin