Date: Tue, 13 Nov 2001 07:54:42 +0000
From: Josh Paetzel <friar_josh@webwarrior.net>
To: Thor Legvold <tlegvold@hotmail.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw/natd & ftp
Message-ID: <20011113075441.A9434@twincat.vladsempire.net>
In-Reply-To: <F196r36Dt4LHp7N3XJv0000586f@hotmail.com>; from tlegvold@hotmail.com on Tue, Nov 13, 2001 at 09:07:40AM +0000
References: <F196r36Dt4LHp7N3XJv0000586f@hotmail.com>
On Tue, Nov 13, 2001 at 09:07:40AM +0000, Thor Legvold wrote:
> I've read through the docs, but haven't been able to solve this seemingly
> simple problem:
>
> FBSD 4.4-STABLE box as gateway to internet (running ipfw/natd), serving 3
> PC's, one running Win98SE, one running WinXP and one running NextStep 3.3
>
> From FBSD box I can ftp from command line and download via browser
> (Konqueror, Mozilla) without problem. From Win98SE/XP/NextStep I can browse
> (http), but cannot ftp. I've tried both from command line and from browser
> (and ftp app "Yftp" on Next). 98SE has IE 5.5, XP has 6.0, NS runs OmniWeb
> 2.2.
>
> I thought it was the problem I read about using "passive" transfers because
> of the firewall (I can log into the ftp server, but cannot dir/ls or get or
> anything else). However, when I open the firewall (add pass all from any to
> any), it still doesn't work. So I wonder if NAT might play a part in the
> problem, and wonder what I should try next.
>
> Regards,
> Thor

I am using a 4.4-STABLE machine running natd/ipfw as the gateway for 3 other
FreeBSD machines. None of the machines have any problems accessing ftp or any
other service that I want them to for that matter.

Perhaps if you posted your ruleset it would be a bit easier to tell what's
wrong. Keep in mind that ftp really doesn't work if both the server and the
client are behind firewalls. ;)

I'll attach a copy of my ruleset so you can try it out or at least compare it
to what you have.
Josh

Attachment: fwrules

/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via tun0
/sbin/ipfw add allow ip from any to any via lo0
/sbin/ipfw add allow ip from any to any via ed0
/sbin/ipfw add allow tcp from any to any out xmit tun0 setup
/sbin/ipfw add allow tcp from any to any via tun0 estab
/sbin/ipfw add allow tcp from any to any 22 setup
/sbin/ipfw add allow tcp from any to any 80 setup
/sbin/ipfw add allow udp from any to any out xmit tun0
/sbin/ipfw add allow udp from any to any in recv tun0
/sbin/ipfw add allow tcp from any to any 113 out xmit
/sbin/ipfw add allow tcp from any to any 113 via tun0
/sbin/ipfw add 65434 allow icmp from any to any
/sbin/ipfw add 65435 deny ip from any to any
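The attached ruleset, run through a simplified first-match model against the two FTP data-connection styles the thread mentions (an added example, not part of the original message). The Python helper names, the constructed packets, and the reading of a bare `xmit` as "any interface" are assumptions.

```python
# Simplified first-match model of the posted ruleset (added example).
# Assumptions: rule numbers dropped, order kept; the divert rule is omitted
# because natd reinjects the packet; a bare "xmit" means any interface.
RULES = """\
allow ip from any to any via lo0
allow ip from any to any via ed0
allow tcp from any to any out xmit tun0 setup
allow tcp from any to any via tun0 estab
allow tcp from any to any 22 setup
allow tcp from any to any 80 setup
allow udp from any to any out xmit tun0
allow udp from any to any in recv tun0
allow tcp from any to any 113 out xmit
allow tcp from any to any 113 via tun0
allow icmp from any to any
deny ip from any to any"""

def matches(rule, pkt):
    tok = rule.split()
    proto, opts = tok[1], tok[6:]      # tok[2:6] is "from any to any"
    if proto not in ("ip", pkt["proto"]):
        return False
    it = iter(opts)
    for o in it:
        if o.isdigit():                # destination port
            ok = pkt["dport"] == int(o)
        elif o in ("in", "out"):       # direction of this pass
            ok = pkt["dir"] == o
        elif o in ("via", "xmit", "recv"):
            iface = next(it, None)     # interface name follows the keyword
            ok = iface is None or pkt["iface"] == iface
        elif o == "setup":             # SYN set, ACK clear
            ok = pkt["flags"] == "S"
        else:                          # "estab": ACK or RST set
            ok = bool(set(pkt["flags"]) & {"A", "R"})
        if not ok:
            return False
    return True

def verdict(pkt):
    for rule in RULES.splitlines():    # first matching rule decides
        if matches(rule, pkt):
            return rule.split()[0], rule

# Constructed packets: passive-mode data SYN leaving, active-mode SYN arriving.
PASSIVE_SYN = dict(proto="tcp", dir="out", iface="tun0", flags="S", dport=50000)
ACTIVE_SYN = dict(proto="tcp", dir="in", iface="tun0", flags="S", dport=50001)
for name, p in (("passive", PASSIVE_SYN), ("active", ACTIVE_SYN)):
    print(name, "->", verdict(p)[1])
```

In this model the client's outbound passive-mode SYN is accepted by the `out xmit tun0 setup` rule, while a server-initiated active-mode SYN arriving on tun0 falls through to the final deny.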