From owner-freebsd-questions Tue Apr 11 17:14:16 2000
Message-ID: <38F3BFB3.71F840FA@home.com>
Date: Tue, 11 Apr 2000 19:13:39 -0500
From: Scott Graves
To: freebsd-questions@FreeBSD.ORG
Subject: NATD and IPFW

I recently switched from a Linux gateway to FBSD 4.0. With Linux I had IP masquerading enabled (similar to NAT) and basically opened only the IP ports which were used by my employees. With FBSD, by default, no incoming connections are allowed. I have successfully enabled WWW, DNS, SMTP, POP3 and RealAudio through the FBSD gateway machine running NATD.

However, after opening ports 20 and 21 for FTP access, I receive this error when trying to list ftp dir contents:

    Apr 11 18:30:45 gateway natd[114]: failed to write packet back (Permission denied)

I am able to connect to FTP sites, but not dn/up or list files without receiving this error. This is what I have in rc.firewall which should allow for FTP access:

    # Allow FTP connections
    ${fwcmd} add pass tcp from any to any 21 setup
    ${fwcmd} add pass tcp from any to any 20 setup

If I add:

    ${fwcmd} add pass tcp from any to any setup

Everything works properly (of course). But I do not want to allow all TCP connections to the internet. What am I missing?

Thanks,
Scott Graves
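
Added example, not part of the original message: a minimal Python model of how the rules quoted above match connection-opening (SYN) packets, run against the three kinds of connection an FTP session opens. It assumes a default-deny ruleset; the packet port numbers are constructed, and `Syn`, `Rule`, `verdict` and `evaluate` are hypothetical names, not ipfw code.

```python
# Added example: a minimal model of ipfw "setup" rules that filter on destination
# port only. It is not ipfw itself; all sample packets below are constructed.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Syn:
    """A TCP SYN (what ipfw's 'setup' keyword matches), reduced to its ports."""
    label: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class Rule:
    """'pass tcp from any to any [dst_port] setup'; dst_port=None means any port."""
    text: str
    dst_port: Optional[int]

    def matches(self, pkt: Syn) -> bool:
        return self.dst_port is None or pkt.dst_port == self.dst_port

# The two FTP rules from the message, and the catch-all the poster tried.
POSTED = [
    Rule("add pass tcp from any to any 21 setup", 21),
    Rule("add pass tcp from any to any 20 setup", 20),
]
CATCH_ALL = Rule("add pass tcp from any to any setup", None)

# Constructed packets; the ephemeral port numbers are arbitrary.
PACKETS = [
    Syn("control: client -> server:21", 49152, 21),
    Syn("passive data: client -> server ephemeral port", 49153, 50000),
    Syn("active data: server:20 -> client ephemeral port", 20, 49154),
]

def verdict(rules, pkt):
    """Text of the first matching rule, or 'deny' (assumed default-deny ruleset)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.text
    return "deny"

def evaluate(rules):
    """Map each sample packet's label to its verdict under the given rules."""
    return {pkt.label: verdict(rules, pkt) for pkt in PACKETS}

if __name__ == "__main__":
    for name, rules in (("posted rules", POSTED), ("plus catch-all", POSTED + [CATCH_ALL])):
        print(name)
        for label, result in evaluate(rules).items():
            print(f"  {label:48s} {result}")
```

In this model only the control connection matches a posted rule: a passive-mode data connection targets an ephemeral server port, and an active-mode data connection has port 20 as its source rather than its destination.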