From owner-freebsd-questions Tue Dec 7 7:39:51 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from www.menzor.org (themoonismadeofgreenchease.dk [195.249.147.160])
	by hub.freebsd.org (Postfix) with ESMTP id 68D3414BE7
	for ; Tue, 7 Dec 1999 07:39:46 -0800 (PST)
	(envelope-from morten@seeberg.dk)
Received: from SOS (fwuser@gw.danadata.com [194.239.79.3])
	by www.menzor.org (8.8.8/8.8.8) with SMTP id RAA18710
	for ; Tue, 7 Dec 1999 17:57:55 +0100 (CET)
	(envelope-from morten@seeberg.dk)
Message-ID: <044101bf40c9$1f949aa0$1600a8c0@SOS>
Reply-To: "Morten Seeberg"
From: "Morten Seeberg"
To:
Subject: NATD and REDIRECT_PORT problem
Date: Tue, 7 Dec 1999 16:38:31 +0100
Organization: SWAMP
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.5600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.5600
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi,

I have a BSD with a "real" IP. I want it to forward port 666 from the external IP to an Internal FTP server running on port 666 (running Windows Serv-U - I have no influence on this machine :) ). The BSD is not running IPFIREWALL, just natd.

When configured as below, the only thing I can do is connect to the FTP from machines with real IP addresses and not using passive FTP. This probably works because the internal FTP can open data-ports with no restrictions to the machine on the Internet. But whenever a client behind a firewall some place tries, it won't work, because then the internal FTP isn't allowed to communicate on other ports to the client. This is where passive FTP comes into the picture as far as I understand; this means that every port that needs to be opened to the FTP will be opened from the client.
So, I ran a TCPDUMP on the BSD on the external interface, and tried to connect to the internal FTP using passive FTP; login and password, no problems. Then I tried to do a LS, and thought this is where I'd probably see some new ports opening, but I didn't??? So how is this done???

The 3.3-RELEASE is configured with this:

    firewall_enable="YES"
    firewall_script="/etc/rc.firewall"
    firewall_type="open"
    natd_enable="YES"
    natd_flags="-f /etc/rc.natd"
    natd_interface="ed1"

and rc.natd:

    use_sockets
    same_ports
    redirect_port tcp 192.168.2.101:666 666

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/\/\orten $eeberg, Systems Consultant @ Merkantildata - Enterprise Solutions
#echo 'System Administrators suck :)' > /dev/console
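
Added example (not part of the original message): a Python diagnostic that parses the FTP server's "227 Entering Passive Mode" reply and checks the advertised data endpoint against the redirect_port lines from the rc.natd posted above. The 227 reply, its port 1039, and all function names are constructed or hypothetical; it assumes the reply reaches the outside client unmodified.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 ... (h1,h2,h3,h4,p1,p2)"; data port = p1*256 + p2.
PASV_RE = re.compile(r"^227\b.*?" + ",".join([r"(\d{1,3})"] * 6))

def parse_pasv(line):
    """Return (IPv4Address, port) advertised by a 227 reply, else None."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def parse_redirects(natd_conf):
    """Return the set of public TCP ports covered by redirect_port lines."""
    ports = set()
    for raw in natd_conf.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4 or fields[:2] != ["redirect_port", "tcp"]:
            continue
        alias = fields[3].rsplit(":", 1)[-1]   # drop an optional "aliasIP:" prefix
        lo, _, hi = alias.partition("-")       # single port or lo-hi range
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def check_passive(control_lines, natd_conf):
    """Report, per 227 reply, whether an outside client could reach the data port."""
    public_ports = parse_redirects(natd_conf)
    findings = []
    for line in control_lines:
        parsed = parse_pasv(line)
        if parsed:
            ip, port = parsed
            findings.append({"addr": str(ip), "port": port,
                             "private_addr": ip.is_private,
                             "port_redirected": port in public_ports})
    return findings

# rc.natd as posted in the message.
RC_NATD = "use_sockets\nsame_ports\nredirect_port tcp 192.168.2.101:666 666\n"
# Constructed control-channel replies as an outside client would see them.
SAMPLE_CONTROL_LINES = ["230 User logged in.",
                        "227 Entering Passive Mode (192,168,2,101,4,15)"]

if __name__ == "__main__":
    for f in check_passive(SAMPLE_CONTROL_LINES, RC_NATD):
        print(f)
```

With this sample the advertised endpoint is a private address on a port that no redirect_port line covers, so the client's data connection is never aimed at the external interface.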