Date:      Tue, 21 Sep 1999 07:29:40 +0100
From:      Brian Somers <brian@Awfulhak.org>
To:        Eivind Eklund <eivind@FreeBSD.ORG>
Cc:        Brett Glass <brett@lariat.org>, security@FreeBSD.ORG
Subject:   Re: Best way to do FTP with NAT and firewall? 
Message-ID:  <199909210629.HAA00563@keep.lan.Awfulhak.org>
In-Reply-To: Your message of "Mon, 20 Sep 1999 16:27:42 +0200." <19990920162742.A12619@bitbox.follo.net>


> On Fri, Sep 17, 1999 at 09:16:11AM -0600, Brett Glass wrote:
> > I've just set up a firewall for a client using ipfw and natd. Trouble is, his software seems to be particularly insistent on doing active, rather than passive, FTP. This poses a problem, of course, because a remote system can't open just data sockets to one behind the firewall due to NAT.
> > 
> > I've worked with plenty of commercial firewalls that monitor FTP control connections and spoof the port number for the data sockets. SLiRP does it; so, apparently, does the pppd that comes with FreeBSD. But I can't find any documented way to do it with ipfw and natd.
> > 
> > Are there undocumented commands to accomplish this?
> 
> Using the hooks I added to libalias to accomplish this.  That would,
> however, require some small mods to the natd code (about 20-50 lines,
> I guess).
[.....]

Something like src/lib/libalias/alias_ftp.c ?  Am I missing 
something ?

> Eivind.

-- 
Brian <brian@Awfulhak.org>                        <brian@FreeBSD.org>
      <http://www.Awfulhak.org>                    <brian@OpenBSD.org>
Don't _EVER_ lose your sense of humour !          <brian@FreeBSD.org.uk>
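
The control-connection rewriting discussed in this thread (watching the FTP control channel and substituting the NAT's own address and port in an active-mode PORT command), as an added C example that is not part of the original e-mail and is not libalias or natd code. The function name, its parameters and the two policy checks (the advertised address must be the client's own, the port must be 1024 or higher) are assumptions of this example, and the addresses are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example; names are hypothetical, not libalias identifiers.
 * Rewrites "PORT h1,h2,h3,h4,p1,p2\r\n" from an inside client to advertise
 * the NAT's public address and reserved port. Returns 0 and stores the
 * client's real data port in *inside_port, or -1 if the line is rejected. */
int rewrite_port(const char *line, uint32_t client_ip, uint32_t alias_ip,
                 uint16_t alias_port, char *out, size_t outlen,
                 uint16_t *inside_port)
{
    static const char verb[] = "PORT ";
    unsigned f[6];
    const char *p = line;

    for (int i = 0; verb[i] != '\0'; i++)
        if (*p++ != verb[i]) return -1;
    for (int i = 0; i < 6; i++) {      /* six decimal fields, each 0..255 */
        unsigned v = 0, digits = 0;
        while (*p >= '0' && *p <= '9' && digits < 3) {
            v = v * 10 + (unsigned)(*p++ - '0');
            digits++;
        }
        if (digits == 0 || v > 255) return -1;
        if (*p++ != (i < 5 ? ',' : '\r')) return -1;
        f[i] = v;
    }
    if (p[0] != '\n' || p[1] != '\0') return -1;   /* exactly one CRLF */
    uint32_t ip = ((uint32_t)f[0] << 24) | (f[1] << 16) | (f[2] << 8) | f[3];
    unsigned port = (f[4] << 8) | f[5];
    if (ip != client_ip) return -1;  /* never map a port for a third-party host */
    if (port < 1024) return -1;      /* assumed policy: no privileged ports */
    *inside_port = (uint16_t)port;
    int n = snprintf(out, outlen, "PORT %u,%u,%u,%u,%u,%u\r\n",
                     (unsigned)(alias_ip >> 24), (unsigned)((alias_ip >> 16) & 255),
                     (unsigned)((alias_ip >> 8) & 255), (unsigned)(alias_ip & 255),
                     (unsigned)(alias_port >> 8), (unsigned)(alias_port & 255));
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

int main(void)
{
    char out[64];
    uint16_t inside_port;
    /* Constructed addresses: 192.168.1.10 inside, 203.0.113.5 public. */
    if (rewrite_port("PORT 192,168,1,10,19,137\r\n", 0xC0A8010Au, 0xCB007105u,
                     40000, out, sizeof out, &inside_port) == 0)
        printf("inside port %u -> %s", (unsigned)inside_port, out);
}
```

Because the rewritten command can differ in length from the original, a translator that edits the TCP payload this way also has to adjust sequence and acknowledgement numbers for the rest of the control connection.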



