From owner-freebsd-questions  Mon Feb  3  9: 3:38 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5929A37B401
	for <freebsd-questions@FreeBSD.ORG>; Mon,  3 Feb 2003 09:03:37 -0800 (PST)
Received: from ephemeral.chemikals.org (cae57-161-024.sc.rr.com [66.57.161.24])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EF53C43FA7
	for <freebsd-questions@FreeBSD.ORG>; Mon,  3 Feb 2003 09:03:30 -0800 (PST)
	(envelope-from morganw@chemikals.org)
Received: from volatile.chemikals.org (root@adsl-18-164-190.gsp.bellsouth.net [68.18.164.190])
	by ephemeral.chemikals.org (8.12.6/8.12.6) with ESMTP id h13H3OQt028239;
	Mon, 3 Feb 2003 12:03:24 -0500 (EST)
	(envelope-from morganw@chemikals.org)
Received: from localhost (morganw@localhost [127.0.0.1])
	by volatile.chemikals.org (8.12.6/8.12.6) with ESMTP id h13H3UYw035952;
	Mon, 3 Feb 2003 12:03:30 -0500 (EST)
	(envelope-from morganw@chemikals.org)
Date: Mon, 3 Feb 2003 12:03:30 -0500 (EST)
From: Wesley Morgan <morganw@chemikals.org>
To: Redmond Militante <r-militante@northwestern.edu>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipf/ipnat and passive ftp
In-Reply-To: <20030203164339.GA1541@darkpossum>
Message-ID: <20030203120145.G35860@volatile.chemikals.org>
References: <20030203164339.GA1541@darkpossum>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Mon, 3 Feb 2003, Redmond Militante wrote:

> rdr xl0 0.0.0.0/0 port 21 -> 192.168.1.50 port 21 tcp
> rdr xl0 0.0.0.0/0 port > 1023 -> 192.168.1.50 port > 1023 tcp
>
> any advice you could give would be highly appreciated.

Try this in your ipnat rules instead of the rdr:

map xl0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp

Also, you might want to look at the IPFilter FAQ:

http://home.earthlink.net/~jaymzh666/ipf/index.html

-- 
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message