Delivered-To: freebsd-questions@freebsd.org
Date: Mon, 3 Jun 2002 16:56:19 -0300 (ART)
From: Fernando Gleiser
To: Darryl Hoar
Subject: RE: IPFILTER & FTP

On Mon, 3 Jun 2002, Darryl Hoar wrote:

> Well,
> I checked my ipf.rules file and my outbound and inbound have
> keep state. I have tried putting:
> map xl0 0/0 -> 0/32 proxy port 21 ftp/tcp
> in my ipnat.rules file. When I do this, I can ftp passive into
> a machine when logged into my firewall. From any other machine
> on my network, no joy.
>
> If I replace that with:
> map xl0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
> I can't ftp even from the firewall. I have double checked my
> ipf.rules and they look right. What am I missing here?

Post the following:

1. Your ipnat.rules file.
2. Your ipf.rules file.
3. The output of a 'sysctl net.inet'

You can also try flushing the ipf rules, to check if the ftp transfer gets
blocked by some ipf rule. Load them as soon as you finish the test.

Fer

> thanks for any ideas,
> Darryl