Date: Mon, 10 Jan 2000 10:25:16 -0500 (EST)
From: bunicula <bunicula@rcn.com>
To: freebsd-questions@freebsd.org
Subject: *sigh* more stupid questions...
Message-ID: <Pine.LNX.4.21.0001101012320.4722-100000@charon>

well, i somehow just managed to take down the machine by ftp'ing... not a very positive thing :(

i had my ipf and ipnat rules set up to the point where i thought they were working. the ports seemed comfortably blocked, the tcp_wrappers issue was overcome. i had one machine hooked up to the lan side of it to test nat. web browsing was fine, telnet, ssh... then i tried to ftp. i logged into the ftp server fine, then when i typed 'ls' the freebsd box dropped off the face of the network. dead to both internal and external interfaces! ouch...

so looking at the ipfilter list archives, it seems that i should

1: update to ipfilter 3.3.6
2: add a transparent proxy rule to ipnat for the router box ( map 0/32 -> 0/32 proxy port 21 ftp/tcp )

now, since i'm cut off from this machine for a few hours now, i really can't do much, so i'd like to try to make sure i know what i need to do to get this working right...

i want active ftp to work for both the lan, and for the router box itself... and for external clients to be able to ftp to the server in active mode. could someone point me toward the ipf rules that will allow this? i'm thinking i'll need something like:

ipf:

    pass in on xl0 from any to any port = 20
    pass in on xl0 from any to any port = 21
    pass out on xl0 from any to any

ipnat:

    map xl0 192.168.2.0/24 -> 0/32
    map xl0 192.168.2.0/24 -> 0/32 proxy port 21 ftp/tcp
    map xl0 0/32 -> 0/32 proxy port 21 ftp/tcp

is this the correct way to go?

brian
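
Added example, not part of the original message and not ipfilter's code: a Python sketch of the PORT rewrite an FTP NAT proxy has to perform, which is why active-mode 'ls' needs a `proxy port 21 ftp/tcp` rule when the client sits on 192.168.2.0/24. The function names, the addresses 192.168.2.10 and 203.0.113.5, and the port numbers are constructed for illustration; the check that the PORT address equals the control-connection source is a common hardening against FTP bounce, assumed here rather than taken from the page.

```python
import ipaddress
import re

# Active FTP: the client sends "PORT h1,h2,h3,h4,p1,p2" on the control channel
# and the server then connects back from port 20 to that address and port.
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")


def parse_port(line):
    """Return (IPv4Address, port) for a well-formed PORT command, else None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ipaddress.IPv4Address(bytes(nums[:4])), nums[4] * 256 + nums[5]


def format_port(ip, port):
    """Encode an address and port back into a PORT command line."""
    host = ",".join(str(b) for b in ip.packed)
    return f"PORT {host},{port >> 8},{port & 0xFF}\r\n".encode()


def rewrite_port(line, client_ip, public_ip, public_port):
    """Rewrite a LAN client's PORT command to the NAT box's public address.

    Returns (line_to_forward, mapping); mapping is None for non-PORT lines,
    otherwise (public_port, private_ip, private_port) for the data connection.
    """
    parsed = parse_port(line)
    if parsed is None:
        return line, None  # not a PORT command: forward unchanged
    ip, port = parsed
    if ip != client_ip:
        # Assumed hardening: refuse to open a hole toward a third host.
        raise ValueError("PORT address differs from control-connection source")
    if port < 1024:
        raise ValueError("PORT names a privileged port")
    # The rewritten line can differ in length, so a real proxy must also
    # adjust TCP sequence/acknowledgement numbers on the control connection.
    return format_port(public_ip, public_port), (public_port, ip, port)


if __name__ == "__main__":
    lan_client = ipaddress.IPv4Address("192.168.2.10")   # constructed
    nat_public = ipaddress.IPv4Address("203.0.113.5")    # constructed
    print(rewrite_port(b"PORT 192,168,2,10,4,1\r\n", lan_client, nat_public, 40000))
```

Without the rewrite the server would try to open the data connection to 192.168.2.10, which is unroutable from outside, so the directory listing never arrives.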