Date: Tue, 25 May 1999 18:24:30 -0500
From: Alejandro Ramírez <ales@megared.net.mx>
To: "Ed Keith" <edk@kew.com>
Cc: "freebsd-questions" <freebsd-questions@FreeBSD.ORG>
Subject: RE: which ftp proxy?
Message-ID: <008901bea705$bd815f40$f9a3f9cf@megared.net.mx>

Hi,

You should try to enable natd, it will do what you want, and it's
better than having a proxy server, anyway in one case or another, you will be
routing packets from one interface to another, you can't avoid that,
enabling natd is very simple, just set these lines in the /etc/rc.conf
file:

gateway_enable="YES"    # Set to YES if this host will be a gateway.
natd_enable="YES"       # Enable natd (if firewall_enable == YES).
natd_interface="fxp0"   # Public interface to use with natd (it's your outside interface).
natd_flags=""           # Additional flags for natd (see "man natd").

Ales

----- Original Message -----
From: Ed Keith <edk@kew.com>
To: Alejandro Ramírez <ales@megared.net.mx>
Cc: freebsd-questions <freebsd-questions@FreeBSD.ORG>
Sent: Tuesday, May 25, 1999 2:18 PM
Subject: Re: which ftp proxy?

> No packets get through the firewall. The firewall system is dual homed. No
> packets are routed between the two addresses. (The internal network is
> 192.168.19.x, so it would be very bad if packets were routed.)
> If I want to ftp out I need to log onto the firewall machine and ftp from there
> then ftp again (using an ftp server on the firewall that only connects to the
> inside network) from the firewall to my desktop.
>
> -EdK
>
> Alejandro Ramírez wrote:
>
> > Hi,
> >
> > If you are behind a firewall, and the ports:
> >
> > ftp-data   20/tcp   #File Transfer [Default Data]
> > ftp-data   20/udp   #File Transfer [Default Data]
> > ftp        21/tcp   #File Transfer [Control]
> > ftp        21/udp   #File Transfer [Control]
> >
> > aren't specifically blocked out by your system administrator (that I don't
> > think they are), you must use the "passive" mode in ftp transfers, the
> > "passive" mode must be used always that you are behind a firewall, this is a
> > rule to have a good ftp session, if your system administrator did
> > specifically block out these ports, you may ask him to unblock them out (in
> > /etc/rc.firewall), since this is simpler than to install a proxy server. And
> > if you want to have more security in your network, and you have already
> > configured ipfw, then you may try to enable "natd" (network address
> > translation), it will let you have private ip addresses in your network and
> > go outside with a public address for all of your machines (instead of
> > installing a proxy server) but you still will have to use the "passive" mode
> > in ftp transfers.
> >
> > Ales
> >
> > ----- Original Message -----
> > From: Ed Keith <edk@kew.com>
> > To: Alejandro Ramírez <ales@megared.net.mx>
> > Cc: freebsd-questions <freebsd-questions@FreeBSD.ORG>
> > Sent: Monday, May 24, 1999 11:29 PM
> > Subject: Re: which ftp proxy?
> >
> > > I don't think that will help since all packets are blocked by the firewall.
> > > I think I need to use a proxy server. But I don't know which one would be
> > > best for my needs. (very small network, light volume, newbie site admin.,
> > > paranoid domain administrator who may want me to justify why I picked the one
> > > I decide to use.)
> > >
> > > -EdK
> > >
> > > Alejandro Ramírez wrote:
> > >
> > > > Hi,
> > > >
> > > > Try the "passive" option in the ftp program.
> > > >
> > > > Ales
> > > >
> > > > ----- Original Message -----
> > > > From: Ed Keith <edk@kew.com>
> > > > To: freebsd-questions <freebsd-questions@FreeBSD.ORG>
> > > > Sent: Sunday, May 23, 1999 6:14 PM
> > > > Subject: which ftp proxy?
> > > >
> > > > > I'm running FreeBSD 2.28 and ipfw. I want to install an ftp proxy so I
> > > > > can connect to ftp sites from behind the firewall. What is recommended?
> > > > >
> > > > > Thanks in advance,
> > > > > -EdK
> > > > >
> > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > > with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?008901bea705$bd815f40$f9a3f9cf>