Date: Tue, 25 May 1999 18:24:30 -0500 From: =?iso-8859-1?Q?Alejandro_Ram=EDrez?= <ales@megared.net.mx> To: "Ed Keith" <edk@kew.com> Cc: "freebsd-questions" <freebsd-questions@FreeBSD.ORG> Subject: RE: which ftp proxy? Message-ID: <008901bea705$bd815f40$f9a3f9cf@megared.net.mx>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
Hi,
You should try to enable natd, it will do what you want, and its better
than having a proxy server, anyway in one case or another, you will be
routing packets fron one interface to another, you can´t avoid that,
enabling natd its very simple, just set these lines in the /etc/rc.conf
file:
gateway_enable="YES" # Set to YES if this host will be a gateway.
natd_enable="YES" # Enable natd (if firewall_enable == YES).
natd_interface="fxp0" # Public interface to use with natd (it´s
your outside interface).
natd_flags="" # Additional flags for natd (see
"man natd").
Ales
----- Original Message -----
From: Ed Keith <edk@kew.com>
To: Alejandro Ramírez <ales@megared.net.mx>
Cc: freebsd-questions <freebsd-questions@FreeBSD.ORG>
Sent: Tuesday, May 25, 1999 2:18 PM
Subject: Re: which ftp proxy?
> No packets get through the firewall. The firewall system is dual homed. No
> packets are routed between the two addresses. (The internal network is
> 192.168.19.x, so it would be very bad if packets were routed.)
> If I want to ftp out I need to log onto the firewall machine and ftp from
there
> then ftp again (using an ftp server on the firewall that only connects to
the
> inside network) from the firewall to my desktop.
>
> -EdK
>
> Alejandro Ramírez wrote:
>
> > Hi,
> >
> > If you are behind a firewall, and the ports:
> >
> > ftp-data 20/tcp #File Transfer [Default Data]
> > ftp-data 20/udp #File Transfer [Default Data]
> > ftp 21/tcp #File Transfer [Control]
> > ftp 21/udp #File Transfer [Control]
> >
> > aren´t specifically blocked out by your system administrator (that i
don´t
> > think they are), you must use the "passive" mode in ftp transfers, the
> > "passive" mode must be used always that you are behind a firewall, this
is a
> > rule to have a good ftp session, if your system administrator did
> > specifically blocked out this ports, you may ask him to unblock them out
(in
> > /etc/rc.firewall), since this is simpler than to install a proxy server.
And
> > if you want to have more security in your network, and you have already
> > configured ipfw, then you may try to enable "natd" (network address
> > translation), it will let you have private ip addresses in your network
and
> > go outside with a public address for all of your machines (instead of
> > installing a proxy server) but you still will have to use the "passive"
mode
> > in ftp transfers.
> >
> > Ales
> >
> > ----- Original Message -----
> > From: Ed Keith <edk@kew.com>
> > To: Alejandro Ramírez <ales@megared.net.mx>
> > Cc: freebsd-questions <freebsd-questions@FreeBSD.ORG>
> > Sent: Monday, May 24, 1999 11:29 PM
> > Subject: Re: which ftp proxy?
> >
> > > I don't think that will help since all packets are blocked by the
> > firewall.
> > > I think I need to use a proxy server. But I don't know which one would
be
> > > best for my needs. (very small network, light volume, newbe site
admin.,
> > > paranoid domain administrator who may want me to justify why I picked
the
> > one
> > > decide to use.)
> > >
> > > -EdK
> > >
> > >
> > > Alejandro Ramírez wrote:
> > >
> > > > Hi,
> > > >
> > > > Try the "passive" option in the ftp program.
> > > >
> > > > Ales
> > > >
> > > > ----- Original Message -----
> > > > From: Ed Keith <edk@kew.com>
> > > > To: freebsd-questions <freebsd-questions@FreeBSD.ORG>
> > > > Sent: Sunday, May 23, 1999 6:14 PM
> > > > Subject: which ftp proxy?
> > > >
> > > > > I'm running FreeBSD 2.28 and ipfw. I want to install an ftp proxy
so I
> > > > > can connect to ftp sites from behind the firewall. What is
> > recommended?
> > > > >
> > > > > Thanks in advance,
> > > > > -EdK
> > > > >
> > > > >
> > > > >
> > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > > with "unsubscribe freebsd-questions" in the body of the message
> > > >
> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > with "unsubscribe freebsd-questions" in the body of the message
> > >
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
[-- Attachment #2 --]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content="MSHTML 5.00.2014.210" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Hi,<BR><BR> You should try to
enable natd, it will do what you want, and its better<BR>than having a proxy
server, anyway in one case or another, you will be<BR>routing packets fron one
interface to another, you can´t avoid that,<BR>enabling natd its very simple,
just set these lines in the
/etc/rc.conf<BR>file:<BR><BR>gateway_enable="YES"
# Set to YES if this host will be a
gateway.<BR>natd_enable="YES"
# Enable natd (if firewall_enable ==
YES).<BR>natd_interface="fxp0"
# Public interface to use with natd (it´s<BR>your outside
interface).<BR>natd_flags=""
# Additional flags for natd (see<BR>"man natd").<BR><BR>Ales<BR><BR>-----
Original Message -----<BR>From: Ed Keith <<A
href="mailto:edk@kew.com">edk@kew.com</A>><BR>To: Alejandro Ramírez <<A
href="mailto:ales@megared.net.mx">ales@megared.net.mx</A>><BR>Cc:
freebsd-questions <<A
href="mailto:freebsd-questions@FreeBSD.ORG">freebsd-questions@FreeBSD.ORG</A>><BR>Sent:
Tuesday, May 25, 1999 2:18 PM<BR>Subject: Re: which ftp proxy?<BR><BR><BR>>
No packets get through the firewall. The firewall system is dual homed.
No<BR>> packets are routed between the two addresses. (The internal network
is<BR>> 192.168.19.x, so it would be very bad if packets were
routed.)<BR>> If I want to ftp out I need to log onto the firewall machine
and ftp from<BR>there<BR>> then ftp again (using an ftp server on the
firewall that only connects to<BR>the<BR>> inside network) from the firewall
to my desktop.<BR>><BR>> -EdK<BR>><BR>>
Alejandro Ramírez wrote:<BR>><BR>> > Hi,<BR>> ><BR>> > If
you are behind a firewall, and the ports:<BR>> ><BR>> >
ftp-data
20/tcp #File Transfer [Default Data]<BR>> >
ftp-data
20/udp #File Transfer [Default Data]<BR>> >
ftp
21/tcp #File Transfer [Control]<BR>> >
ftp
21/udp #File Transfer [Control]<BR>> ><BR>> >
aren´t specifically blocked out by your system administrator (that
i<BR>don´t<BR>> > think they are), you must use the "passive" mode in ftp
transfers, the<BR>> > "passive" mode must be used always that you are
behind a firewall, this<BR>is a<BR>> > rule to have a good ftp session, if
your system administrator did<BR>> > specifically blocked out this ports,
you may ask him to unblock them out<BR>(in<BR>> > /etc/rc.firewall), since
this is simpler than to install a proxy server.<BR>And<BR>> > if you want
to have more security in your network, and you have already<BR>> >
configured ipfw, then you may try to enable "natd" (network address<BR>> >
translation), it will let you have private ip addresses in your
network<BR>and<BR>> > go outside with a public address for all of your
machines (instead of<BR>> > installing a proxy server) but you still will
have to use the "passive"<BR>mode<BR>> > in ftp transfers.<BR>>
><BR>> > Ales<BR>> ><BR>> > ----- Original Message
-----<BR>> > From: Ed Keith <<A
href="mailto:edk@kew.com">edk@kew.com</A>><BR>> > To: Alejandro Ramírez
<<A href="mailto:ales@megared.net.mx">ales@megared.net.mx</A>><BR>>
> Cc: freebsd-questions <<A
href="mailto:freebsd-questions@FreeBSD.ORG">freebsd-questions@FreeBSD.ORG</A>><BR>>
> Sent: Monday, May 24, 1999 11:29 PM<BR>> > Subject: Re: which ftp
proxy?<BR>> ><BR>> > > I don't think that will help since
all packets are blocked by the<BR>> > firewall.<BR>> > > I think
I need to use a proxy server. But I don't know which one would<BR>be<BR>>
> > best for my needs. (very small network, light volume, newbe
site<BR>admin.,<BR>> > > paranoid domain administrator who may want me
to justify why I picked<BR>the<BR>> > one<BR>> > > decide to
use.)<BR>> > ><BR>> > > -EdK<BR>>
> ><BR>> > ><BR>> > > Alejandro Ramírez wrote:<BR>>
> ><BR>> > > > Hi,<BR>> > > ><BR>> > >
> Try the "passive" option in the ftp
program.<BR>> > > ><BR>> > > > Ales<BR>> > >
><BR>> > > > ----- Original Message -----<BR>> > > >
From: Ed Keith <<A href="mailto:edk@kew.com">edk@kew.com</A>><BR>> >
> > To: freebsd-questions <<A
href="mailto:freebsd-questions@FreeBSD.ORG">freebsd-questions@FreeBSD.ORG</A>><BR>>
> > > Sent: Sunday, May 23, 1999 6:14 PM<BR>> > > >
Subject: which ftp proxy?<BR>> > > ><BR>> > > > > I'm
running FreeBSD 2.28 and ipfw. I want to install an ftp proxy<BR>so I<BR>>
> > > > can connect to ftp sites from behind the firewall. What
is<BR>> > recommended?<BR>> > > > ><BR>> > > >
> Thanks in advance,<BR>> > > > >
-EdK<BR>> > > > ><BR>> > > > ><BR>> > >
> ><BR>> > > > > To Unsubscribe: send mail to <A
href="mailto:majordomo@FreeBSD.org">majordomo@FreeBSD.org</A><BR>> > >
> > with "unsubscribe freebsd-questions" in the body of the
message<BR>> > > ><BR>> > > > To Unsubscribe: send mail
to <A href="mailto:majordomo@FreeBSD.org">majordomo@FreeBSD.org</A><BR>> >
> > with "unsubscribe freebsd-questions" in the body of the
message<BR>> > ><BR>><BR>><BR>><BR>> To Unsubscribe: send
mail to <A href="mailto:majordomo@FreeBSD.org">majordomo@FreeBSD.org</A><BR>>
with "unsubscribe freebsd-questions" in the body of the
message</FONT></DIV></BODY></HTML>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?008901bea705$bd815f40$f9a3f9cf>