Date:      Tue, 13 Nov 2001 07:54:42 +0000
From:      Josh Paetzel <friar_josh@webwarrior.net>
To:        Thor Legvold <tlegvold@hotmail.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: ipfw/natd & ftp
Message-ID:  <20011113075441.A9434@twincat.vladsempire.net>
In-Reply-To: <F196r36Dt4LHp7N3XJv0000586f@hotmail.com>; from tlegvold@hotmail.com on Tue, Nov 13, 2001 at 09:07:40AM +0000
References:  <F196r36Dt4LHp7N3XJv0000586f@hotmail.com>


--gBBFr7Ir9EOA20Yy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Tue, Nov 13, 2001 at 09:07:40AM +0000, Thor Legvold wrote:
> I've read through the docs, but haven't been able to solve this seemingly 
> simple problem:
> 
> FBSD 4.4-STABLE box as gateway to internet (running ipfw/natd), serving 3 
> PC's, one running Win98SE, one running WinXP and one running NextStep 3.3
> 
> From FBSD box I can ftp from command line and download via browser 
> (Konqueror, Mozilla) without problem. From Win98SE/XP/NextStep I can browse 
> (http), but cannot ftp. I've tried both from command line and from browser 
> (and ftp app "Yftp" on Next). 98SE has IE 5.5, XP has 6.0, NS runs OmniWeb 
> 2.2.
> 
> I thought it was the problem I read about using "passive" transfers because 
> of the firewall (I can log into the ftp server, but cannot dir/ls or get or 
> anything else). However, when I open the firewall (add pass all from any to 
> any), it still doesn't work.  So I wonder if NAT might play a part in the 
> problem, and wonder what I should try next.
> 
> Regards,
> Thor

I am using a 4.4-STABLE machine running natd/ipfw as the gateway for 3 
other FreeBSD machines.  None of the machines have any problems 
accessing ftp or any other service that I want them to for that 
matter.  Perhaps if you posted your ruleset it would be a bit easier 
to tell what's wrong.  Keep in mind that ftp really doesn't work if 
both the server and the client are behind firewalls. ;)

I'll attach a copy of my ruleset so you can try it out or at least 
compare it to what you have.

Josh


--gBBFr7Ir9EOA20Yy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=fwrules

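# Remove all existing rules without prompting
/sbin/ipfw -f flush
# Hand every packet crossing tun0 to natd for address translation
/sbin/ipfw add divert natd all from any to any via tun0
# Allow everything on the loopback and ed0 interfaces
/sbin/ipfw add allow ip from any to any via lo0
/sbin/ipfw add allow ip from any to any via ed0
# Allow TCP connections opened outward through tun0, plus packets of
# connections that are already established
/sbin/ipfw add allow tcp from any to any out xmit tun0 setup
/sbin/ipfw add allow tcp from any to any via tun0 estab
# Allow new TCP connections to ports 22 and 80 on any interface
/sbin/ipfw add allow tcp from any to any 22 setup
/sbin/ipfw add allow tcp from any to any 80 setup
# Allow all UDP leaving and arriving through tun0
/sbin/ipfw add allow udp from any to any out xmit tun0
/sbin/ipfw add allow udp from any to any in recv tun0
# Allow ident (port 113). The posted file gives no interface after "xmit"
# on the first rule; tun0 is assumed from the neighbouring rules.
/sbin/ipfw add allow tcp from any to any 113 out xmit tun0
/sbin/ipfw add allow tcp from any to any 113 via tun0
# Allow ICMP, then deny everything that matched nothing above
/sbin/ipfw add 65434 allow icmp from any to any
/sbin/ipfw add 65435 deny ip from any to any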


--gBBFr7Ir9EOA20Yy--
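
The following is an added example, not part of Josh's message or the attached file: a simplified Python model of the attached ruleset's first-match evaluation, run against constructed FTP packets. It shows that connections opened from the LAN (control channel, passive-mode data) pass, while a server-initiated active-mode data connection falls through to the final deny rule. The ephemeral port numbers and the tun0 interface on the first ident rule are assumptions, and natd's address rewriting is not modelled.

```python
# Rule = (action, proto, dst_port, interface, direction, tcp_state)
RULES = [
    ("divert", "ip",   None, "tun0", None,  None),
    ("allow",  "ip",   None, "lo0",  None,  None),
    ("allow",  "ip",   None, "ed0",  None,  None),
    ("allow",  "tcp",  None, "tun0", "out", "setup"),
    ("allow",  "tcp",  None, "tun0", None,  "estab"),
    ("allow",  "tcp",  22,   None,   None,  "setup"),
    ("allow",  "tcp",  80,   None,   None,  "setup"),
    ("allow",  "udp",  None, "tun0", "out", None),
    ("allow",  "udp",  None, "tun0", "in",  None),
    ("allow",  "tcp",  113,  "tun0", "out", None),  # tun0 assumed for this rule
    ("allow",  "tcp",  113,  "tun0", None,  None),
    ("allow",  "icmp", None, None,   None,  None),
    ("deny",   "ip",   None, None,   None,  None),
]

def matches(rule, pkt):
    _, proto, dport, iface, direction, state = rule
    f = pkt["flags"]
    return (proto in ("ip", pkt["proto"])
            and dport in (None, pkt["dport"])
            and iface in (None, pkt["iface"])
            and direction in (None, pkt["dir"])
            and (state != "setup" or ("S" in f and "A" not in f))  # SYN, no ACK
            and (state != "estab" or bool(f & {"A", "R"})))        # ACK or RST

def verdict(pkt):
    # divert is not terminal: natd re-injects the packet at the next rule.
    for rule in RULES:
        if rule[0] != "divert" and matches(rule, pkt):
            return rule[0]
    return "deny"

def forwarded(proto, dport, flags, in_if, out_if):
    # A routed packet is checked twice: inbound on in_if, outbound on out_if.
    return all(verdict({"proto": proto, "dport": dport, "flags": set(flags),
                        "dir": d, "iface": i}) == "allow"
               for d, i in (("in", in_if), ("out", out_if)))
# Constructed packets; 49152 and 50000 are made-up ephemeral ports.
CASES = {
    "control SYN, LAN client -> server:21":     ("tcp", 21,    "S",  "ed0",  "tun0"),
    "passive data SYN, LAN client -> server":   ("tcp", 49152, "S",  "ed0",  "tun0"),
    "server SYN+ACK reply to the client":       ("tcp", 50000, "SA", "tun0", "ed0"),
    "active data SYN, server:20 -> LAN client": ("tcp", 50000, "S",  "tun0", "ed0"),
}
RESULTS = {name: forwarded(*args) for name, args in CASES.items()}
for name, ok in RESULTS.items():
    print("allow" if ok else "deny ", name)
```
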


