Date: Wed, 26 Dec 2001 16:03:38 +0000
From: Josh Paetzel <friar_josh@webwarrior.net>
To: Johann Sharizan <johann@broadpark.no>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Passive FTP/DCC behind NAT -- What ports do they go through?
Message-ID: <20011226160338.A252@twincat.vladsempire.net>
In-Reply-To: <20011226223353.7908b2ed.johann@broadpark.no>; from johann@broadpark.no on Wed, Dec 26, 2001 at 10:33:53PM +0100
References: <20011226223353.7908b2ed.johann@broadpark.no>
On Wed, Dec 26, 2001 at 10:33:53PM +0100, Johann Sharizan wrote:
> Hello again,
>
> Anyone here with an ADSL provider statically connecting you through their NAT?
> Anyone here with a Cisco 677i-DIR ADSL-router, which requires a port redirection
> entry through telnet each time you want to open a new port? I've heard opening
> them all can be destructive to your ugly black dildo-shaped routten, in fact I
> tried it once, though I ain't no more.
>
> All ordinary daemons; SSHD, FTPD, BIND, Apache etc. work great;
>
> ftpd/sshd: set nat entry add 10.0.0.2 20-22 0.0.0.0 20-22 tcp
> www: set nat entry add 10.0.0.2 80 0.0.0.0 80 tcp
> bind: set nat entry add 10.0.0.2 53 0.0.0.0 53 tcp
> identd: set nat entry add 10.0.0.2 113 0.0.0.0 113 tcp
>
> I'm a bit uncertain, however, when it comes to opening a port or range of ports
> to get passive FTP mode working on my virtual ProFTPD server (port 2001), as well
> as DCC in Irssi. I've heard those services go through the IANA-registered
> ephemeral port-range (49152-65535);
>
> sysctl net.inet.ip.portrange.hifirst
> /net.inet.ip.portrange.hilast
>
> So I went ahead opening those ports as well. Just about to close them
> though. Passive and DCC are not working. Incoming DCC file transfers are,
> according to Irssi, coming from ports way lower -- i.e. 4384.
>
> What do I open and what do I not?
>
> Thanks.
>
> Regards,
> Johann

In your situation I usually use the -punch_fw option to natd. Essentially what
that does is watch the packets for the incoming port number, then inserts a
dynamic rule into your ruleset to open the port. man natd for details.

Josh

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
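Why Johann's static port map cannot work, and what the natd -punch_fw behaviour Josh describes actually has to do, is easier to see with the in-band announcements in front of you: a passive FTP server picks the data port itself and tells the client in its 227 reply, an active-mode client does the same in its PORT command, and a DCC peer sends address and port inside a CTCP message. The helper on the NAT box has to read those and open exactly that port, nothing earlier. The model below is an added example written for this thread; it is not natd's or ipfw's code. The parsers follow the FTP and DCC wire formats; the `punch_holes` function imitates the `-punch_fw base:count` rule-number allocation as a simplification (natd installs rules through ipfw itself and expires them, this only returns the rule text), the `ipfw add ... allow tcp ... in setup` rule shape is a simplified assumption, and all sample control-channel lines, the 10.0.0.2 host and the 40000:100 rule range are constructed.

```python
# Added example: model of the in-band port announcements made by passive FTP,
# active FTP and IRC DCC, plus the "insert a dynamic rule for that port" step
# of a natd -punch_fw style helper. Not natd's code; rule text only.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# FTP server reply to PASV: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)."
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# FTP client command in active mode: "PORT h1,h2,h3,h4,p1,p2"
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
# IRC CTCP: "\x01DCC SEND <file> <ip-as-u32> <port> [<size>]\x01"
DCC_RE = re.compile(r"\x01DCC (?:SEND|CHAT) \S+ (\d+) (\d+)(?: \d+)?\x01")


@dataclass(frozen=True)
class Hole:
    addr: str   # internal host that will accept the data connection
    port: int   # port announced inside the control channel


def _from_octets(parts) -> Optional[Hole]:
    """Decode the h1..h4,p1,p2 form; reject anything that is not a valid address."""
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        return None   # malformed announcement: do not act on it
    addr = ".".join(str(n) for n in nums[:4])
    return Hole(addr, nums[4] * 256 + nums[5])


def parse_ftp(line: str) -> Optional[Hole]:
    """Address/port announced by a 227 PASV reply or a PORT command, else None."""
    m = PASV_RE.match(line) or PORT_RE.match(line)
    return _from_octets(m.groups()) if m else None


def parse_dcc(line: str) -> Optional[Hole]:
    """Address/port announced by a DCC SEND/CHAT request, else None."""
    m = DCC_RE.search(line)
    if not m:
        return None
    ip, port = int(m.group(1)), int(m.group(2))
    if ip > 0xFFFFFFFF or port == 0 or port > 65535:
        return None
    addr = ".".join(str((ip >> s) & 0xFF) for s in (24, 16, 8, 0))
    return Hole(addr, port)


def ipfw_rule(number: int, hole: Hole) -> str:
    """Simplified text of the dynamic rule a punch_fw-style helper would add."""
    return f"ipfw add {number} allow tcp from any to {hole.addr} {hole.port} in setup"


def punch_holes(lines: List[str], internal_host: str,
                base: int = 40000, count: int = 100) -> List[Tuple[int, str]]:
    """Walk control-channel lines; for each announcement that names the
    internal host, take the next rule number in [base, base+count) (wrapping)
    and emit the rule. Announcements for other hosts are ignored so that a
    crafted 227/PORT/DCC line cannot open a port on some other machine."""
    rules: List[Tuple[int, str]] = []
    slot = 0
    for line in lines:
        hole = parse_ftp(line) or parse_dcc(line)
        if hole is None or hole.addr != internal_host:
            continue
        number = base + slot % count
        slot += 1
        rules.append((number, ipfw_rule(number, hole)))
    return rules


# Constructed sample of control-channel traffic as seen on the NAT box.
SAMPLE = [
    "220 ProFTPD ready.",
    "PASV",
    "227 Entering Passive Mode (10,0,0,2,195,80).",   # 195*256+80 = 50000
    "PORT 10,0,0,2,16,1",                              # active-mode client: 4097
    "227 Entering Passive Mode (192,168,99,9,0,80).",  # other host: ignored
    ":johann!j@h PRIVMSG josh :\x01DCC SEND notes.txt 167772162 4384 1234\x01",
]

if __name__ == "__main__":
    for number, rule in punch_holes(SAMPLE, internal_host="10.0.0.2"):
        print(number, rule)
```

Run as is, it emits three rules: ports 50000, 4097 and 4384 on 10.0.0.2, the last one being the kind of "way lower" DCC port Johann saw, because the DCC peer's OS chose it rather than the hifirst/hilast range. That is the whole point of the -punch_fw approach: the port is not knowable in advance, so the helper has to read it from the control channel and open it for that one host.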