From: James Long
To: Sanne Taaij
Cc: freebsd-questions@FreeBSD.ORG
Date: Mon, 10 Mar 2003 15:31:10 -0800
Subject: Re: Reaching FTP on internal network behind NAT/router FreeBSD 4.7

On Mon, Mar 10, 2003 at 11:42:11PM +0100, Sanne Taaij wrote:
>
> My goal is to connect from the internet to my FTP which is running on my
> internal network at :6666. So I figured to use port redirection
> on my FreeBSD NAT/router. Which consists of 2 nic, rl0 and rl1
> .
>
> ------------------
> /etc/rc.conf
> defaultrouter=
> firewall_type="open"
> natd_flags="-s -u -m redirect_port tcp :6666 6666 redirect_port
> udp :6666 6666"
> ------------------

Please forgive the obvious, but do you also have

natd_enable="YES"

to make the NAT daemon start?

> I can't connect with an ftp client from one
> of the internal ip addresses to my public address.

That will not work. From the internal net, you will need to
ftp to :6666 directly. NAT processes only those packets which
travel via the external interface of your NAT/firewall box.

To test the NAT and firewall rules, you will have to test from
a machine outside your firewall. If you have access to a dial-up
account, that will suffice, or perhaps you can ssh to a shell
account on another machine, and then try to ftp back to your
public IP.

I would suggest you test first from the internal LAN to ensure
that you can ftp on port 6666 to the internal IP of your ftp
server. This will show you whether the ftp server itself is
working as you think it should.

Once you know the ftp works on the internal LAN, then you can
test from a machine _outside the firewall_ to get the natd
redirection happening.
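
A small model of the three test cases discussed in the message above, added here as an illustration and not part of the original e-mail. It assumes the firewall hands packets to natd only when they pass via the external interface; the addresses, the choice of rl0 as the external interface and the function name `connect` are constructed for the example.

```python
# Model of which new connections natd gets to rewrite on a two-NIC FreeBSD
# NAT box. Assumes the firewall diverts to natd only traffic passing "via"
# the external interface. All addresses and interface roles are constructed.
EXT_IF, INT_IF = "rl0", "rl1"      # assumption: rl0 faces the internet
PUBLIC_IP = "192.0.2.1"            # constructed (documentation range)
ROUTER_LAN_IP = "10.0.0.1"         # constructed
FTP_SERVER = "10.0.0.10"           # constructed internal FTP host
LAN_PREFIX = "10.0.0."
# Equivalent of: redirect_port tcp 10.0.0.10:6666 6666
REDIRECTS = {("tcp", 6666): (FTP_SERVER, 6666)}
ROUTER_LISTENERS = set()           # the router itself runs no FTP daemon


def connect(client_side, dst, dport, proto="tcp"):
    """Return (outcome, endpoint) for a connection attempt.

    client_side is "lan" or "internet".
    """
    if dst.startswith(LAN_PREFIX) and dst != ROUTER_LAN_IP:
        if client_side == "lan":
            # Same subnet: delivered on the wire, the router never sees it.
            return ("direct", f"{dst}:{dport}")
        return ("unroutable", f"{dst}:{dport}")  # private address from outside

    recv_if = EXT_IF if client_side == "internet" else INT_IF
    # The packet is addressed to the router itself, so it is never sent out
    # of another interface; it passes "via" only the interface it arrived on.
    diverted = recv_if == EXT_IF
    if diverted and dst == PUBLIC_IP and (proto, dport) in REDIRECTS:
        host, port = REDIRECTS[(proto, dport)]
        return ("redirected", f"{host}:{port}")
    if dst in (PUBLIC_IP, ROUTER_LAN_IP):
        if (proto, dport) in ROUTER_LISTENERS:
            return ("router-local", f"{dst}:{dport}")
        return ("refused-by-router", f"{dst}:{dport}")
    return ("forwarded", f"{dst}:{dport}")  # ordinary outbound traffic


if __name__ == "__main__":
    for side, dst in [("lan", FTP_SERVER), ("lan", PUBLIC_IP),
                      ("internet", PUBLIC_IP)]:
        print(f"{side:8} -> {dst}:6666  {connect(side, dst, 6666)}")
```

Only the last case exercises the redirect, which is why a test from inside the LAN to the public address says nothing about whether the natd rule works.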