Date: Tue, 18 Feb 2003 17:10:49 -0500 (EST)
From: Marco Radzinschi <marco@radzinschi.com>
To: Shane Hickey <shane@howsyournetwork.com>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: Re: ipf ftp proxy problem?
Message-ID: <20030218170705.P57549-100000@radzinschi.com>
In-Reply-To: <1045544921.28324.10.camel@daneel>

On 17 Feb 2003, Shane Hickey wrote:

> Howdy all,
> I have a freebsd firewall and I want to be able to make both passive
> and active ftp client connections from my inside network to the outside
> world. I'm using ipf and ipnat compiled into the kernel. I followed
> the IPF HOWTOs that I've read and I'm hitting a brick wall.
> My outside interface is dc0 and let's say my outside IP is 1.1.1.1.
> I've tried both of the following rules in my /etc/ipnat.rules file with
> no success.
>
> map dc0 0/0 -> 1.1.1.1/32 proxy port 21 ftp/tcp
> map dc0 0/0 -> 0/32 proxy port ftp ftp/tcp
>
> When I say no success, I mean that I am able to establish a remote ftp
> connection, but when I do a 'ls' I get a
>
> 425 Can't build data connection: No route to host
>
> I'm sure I'm doing something foolish, so any advice would be greatly
> appreciated. Oh yeah, I'm running FreeBSD5.0-release and IPF version
> 3.4.29.
>
> Thanks in advance for any help.
>
> --
> Shane Hickey : Network/System Consultant
> GPG KeyID: 777CBF3F
> Key fingerprint: 254F B2AC 9939 C715 278C DA95 4109 9F69 777C BF3F
> Listening to: MC5 - 12 I Can Only Give you Everyth

Place the following BEFORE any other rules, and replace $intsubnet with
your internal subnet. The second rule will allow active FTP from the
firewall itself.

map dc0 $intsubnet -> 1.1.1.1/32 proxy port ftp ftp/tcp
map dc0 1.1.1.1/32 -> 1.1.1.1/32 proxy port ftp ftp/tcp

Marco Radzinschi
E-Mail: marco@radzinschi.com
Tue Feb 18 17:07:05 EST 2003
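
The ordering advice in the reply can be checked mechanically. The script below is an added example, not part of the thread and not code from the IPFilter project: it reads an ipnat ruleset on standard input and reports any FTP proxy map rule that comes after a plain map rule on the same interface. The function names, the sample rulesets and the 192.168.1.0/24 internal subnet are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: lint an ipnat ruleset for the ordering described in the reply.
# ipnat applies the first matching map rule, so an FTP proxy rule placed after
# a plain map/portmap rule for the same traffic is never reached.

# check_ipnat_order: reads rules on stdin, prints one line per misplaced
# FTP proxy rule, and returns 1 if any were found (0 otherwise).
check_ipnat_order() {
    awk '
        BEGIN { bad = 0 }
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        $1 == "map" {
            ifc = $2
            if ($0 ~ /proxy[ \t]+port[ \t]+[^ \t]+[ \t]+ftp\/tcp/) {
                if (ifc in plain) {
                    printf "line %d: FTP proxy rule on %s follows plain map rule at line %d\n", NR, ifc, plain[ifc]
                    bad = 1
                }
            } else if (!(ifc in plain)) {
                plain[ifc] = NR                  # first non-proxy map rule seen
            }
        }
        END { exit bad }
    '
}

# Constructed sample: proxy rules first, as the reply recommends.
sample_good() {
cat <<'EOF'
map dc0 192.168.1.0/24 -> 1.1.1.1/32 proxy port ftp ftp/tcp
map dc0 1.1.1.1/32 -> 1.1.1.1/32 proxy port ftp ftp/tcp
map dc0 192.168.1.0/24 -> 1.1.1.1/32 portmap tcp/udp 40000:60000
map dc0 192.168.1.0/24 -> 1.1.1.1/32
EOF
}

# Constructed sample: generic NAT rule ahead of the proxy rule.
sample_bad() {
cat <<'EOF'
# generic NAT listed first
map dc0 192.168.1.0/24 -> 1.1.1.1/32 portmap tcp/udp 40000:60000
map dc0 192.168.1.0/24 -> 1.1.1.1/32 proxy port ftp ftp/tcp
EOF
}

# Stand-alone demonstration on the misordered sample.
sample_bad | check_ipnat_order || echo "reorder: FTP proxy rules must come first"
```

To check a live ruleset, run check_ipnat_order < /etc/ipnat.rules before reloading it with ipnat.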