Date: Tue, 6 Aug 2002 14:35:42 -0400
From: "Scott M. Nolde" <scott@smnolde.com>
To: David Kelly <dkelly@hiwaay.net>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: natd dies on attempt to open non-passive ftp
Message-ID: <20020806143542.A43925@smnolde.com>
In-Reply-To: <20020806182256.GA52948@grumpy.dyndns.org>; from dkelly@hiwaay.net on Tue, Aug 06, 2002 at 01:22:56PM -0500
References: <20020806182256.GA52948@grumpy.dyndns.org>

David Kelly(dkelly@hiwaay.net)@2002.08.06 13:22:56 +0000:
> Very closely related to ipfw, natd.
>
> After the spate of ssh announcements last week I upgraded the office
> FreeBSD firewall/router to the latest RELENG_4 as of the morning of
> August 1. Is still using the default ipfw.
>
> My natd.conf file is thus:
>
> log_facility security
> log_denied yes
> dynamic yes
> use_sockets yes
> same_ports yes
> punch_fw 2610:90
>
> Passive ftp has never worked for me thru IPFW/divert/natd but
> non-passive ftp works peachy. Until today when we dropped off the
> internet when I thought to visit ftp://ftp.cdrom.com/.
>
> Having tried passive and non-passive several times now I never see an
> entry listed in "ipfw list" when I attempt a passive connection. Then
> again it doesn't get thru either. And doesn't kill natd.
>
> Non-passive I can get all the way thru login. Natd dies on opening a
> data connection such as "ls". No rules added in ipfw between 2610 and
> 2699.
>
> No message in /var/log/messages. No .core files.
>
> Am going to have a go at ipfw2. Currently suspect some of the changes to
> support ipfw2 have inadvertently touched ipfw1 but sniffing around I
> can't find them.
>

I've had passive ftp working for a long time on my firewall. The basic
rule is

    ipfw add allow tcp from any 20 to any 1024-65535 setup

and allow established connections from another rule.

-- 
Scott Nolde
GPG Key 0xD869AB48
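
A simplified Python model of which TCP segments the rule quoted in the reply matches, added here as an example; it is not part of the original message and is not ipfw code. The second rule (`allow tcp from any to any established`) is an assumed form of the "another rule" the reply mentions, the segments are constructed, and the flag tests follow ipfw(8)'s `setup` (SYN without ACK) and `established` (ACK or RST).

```python
# Added example: a simplified model of two ipfw rules, not ipfw itself.
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    src_port: int
    dst_port: int
    flags: frozenset  # TCP flags set on the segment

def is_setup(seg):
    # ipfw "setup": SYN set and ACK clear, i.e. a connection attempt.
    return "SYN" in seg.flags and "ACK" not in seg.flags

def is_established(seg):
    # ipfw "established": RST or ACK set. No connection state is consulted.
    return bool(seg.flags & {"ACK", "RST"})

def verdict(seg):
    # Rule 1 (from the message): allow tcp from any 20 to any 1024-65535 setup
    if seg.src_port == 20 and 1024 <= seg.dst_port <= 65535 and is_setup(seg):
        return "allow: port-20 setup rule"
    # Rule 2 (assumed form): allow tcp from any to any established
    if is_established(seg):
        return "allow: established rule"
    return "no match"

SYN = frozenset({"SYN"})
# Constructed segments; all port numbers are illustrative.
SAMPLES = {
    "active-mode data SYN, server port 20 to client": Segment(20, 50123, SYN),
    "passive-mode data SYN, client to server high port": Segment(50124, 49152, SYN),
    "non-FTP SYN sent from source port 20": Segment(20, 8080, SYN),
    "SYN from source port 20 to a port below 1024": Segment(20, 22, SYN),
    "mid-connection ACK": Segment(20, 50123, frozenset({"ACK"})),
}

def evaluate_samples():
    return {name: verdict(seg) for name, seg in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in evaluate_samples().items():
        print(f"{result:28} {name}")
```

The source port is chosen by the sender, so the first rule admits any new connection from port 20 to an unprivileged port, whether or not an FTP session exists.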