Date: Thu, 27 Dec 2001 01:32:35 -0800 From: "Crist J . Clark" <cjc@FreeBSD.ORG> To: alexus <ml@db.nexgen.com> Cc: freebsd-net@FreeBSD.ORG Subject: Re: jail & ftp Message-ID: <20011227013235.G2090@blossom.cjclark.org> In-Reply-To: <000d01c18e8c$81e15b40$0100a8c0@alexus>; from ml@db.nexgen.com on Wed, Dec 26, 2001 at 11:11:06PM -0500 References: <000d01c18e8c$81e15b40$0100a8c0@alexus>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Dec 26, 2001 at 11:11:06PM -0500, alexus wrote:
> Hello
>
> I'm not quite sure if I'm posting to right list but I'll try anyway, all
> right here it goes..
>
> I have set up jail and inside of this jail i run ftp (proftpd) using ipf i
> was able to forward all traffic for port 21 and 20 to my jail cell, however
> it only works if person uses PORT mode instead of PASV mode, many people
> prefer/uses PASV mode.
>
> here is the question:
>
> does anyone knows or even is it possible to make it work in PASV mode
> instead of PORT?
Sure. Why are you using ipf(8) (well, I guess ipnat(8) actually) to
forward connections to the jail? Why don't you give the jail the IP
address that people are trying to connect to? This makes the NAT games
unecessary.
--
"It's always funny until someone gets hurt. Then it's hilarious."
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011227013235.G2090>