Hi all.

I have a FreeBSD ftp server behind a FreeBSD firewall. The firewall is using ipfilter and ipnat. Everything works great except for my ftp service (I have http and smtp too). I am trying to set it up to be passive, which I understand is better for those who connect to my server. The way it stands right now, users can connect and log in, but can't get a directory listing. They get an error that says "Can't build the data connection: no route to host".

I have adjusted the following sysctls to limit the data ports that ftpd uses:

    net.inet.ip.portrange.hifirst: 60000
    net.inet.ip.portrange.hilast: 65000

To accommodate this port range I have the following in my ipf.rules:

    pass out proto tcp all keep state
    pass in quick on fxp1 proto tcp from any to any port 60000 >< 65000 flags S keep state

My ipnat.rules file contains the following entry to forward port 21 to my ftp server (X.X.X.X = external ip):

    rdr fxp1 X.X.X.X/32 port 21 -> 192.168.1.2 port 21

That's basically all I have set up. I think I need to somehow redirect ports 60000 - 65000 to my ftp server to get it to work, but I don't know how without putting in 5000 entries in my ipnat.rules. If that's not it, I'm lost. Any suggestions?

Thanks,
Brian
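
Added example, not part of the original post: a small Python check that takes the sysctl range, the ipf rule and the ipnat rule quoted above and reports which passive data ports are not matched by the pass rule and how many are never forwarded by an rdr rule. The helper names are hypothetical, and only the port comparisons `><`, `<>` and `=` are modelled.

```python
import re

# Values copied from the post above.
HIFIRST, HILAST = 60000, 65000          # net.inet.ip.portrange.hifirst / hilast
IPF_RULE = ("pass in quick on fxp1 proto tcp from any to any "
            "port 60000 >< 65000 flags S keep state")
IPNAT_RULES = ["rdr fxp1 X.X.X.X/32 port 21 -> 192.168.1.2 port 21"]

def ipf_port_predicate(rule):
    """Build a matcher for the rule's destination-port comparison."""
    m = re.search(r"port (\d+) (><|<>) (\d+)", rule)
    if m:
        lo, op, hi = int(m.group(1)), m.group(2), int(m.group(3))
        if op == "><":                  # strictly between: both ends excluded
            return lambda p: lo < p < hi
        return lambda p: p < lo or p > hi   # "<>": strictly outside the range
    m = re.search(r"port = (\d+)", rule)
    if m:
        return lambda p, n=int(m.group(1)): p == n
    raise ValueError("no supported port comparison in rule")

def rdr_ports(rules):
    """External ports covered by rdr rules ('port N' or the 'port A-B' range form)."""
    covered = set()
    for rule in rules:
        m = re.match(r"rdr \S+ \S+ port (\d+)(?:-(\d+))? -> ", rule)
        if m:
            lo = int(m.group(1))
            covered.update(range(lo, int(m.group(2) or lo) + 1))
    return covered

def audit(ipf_rule, ipnat_rules, first, last):
    """Report passive data ports the pass rule misses or that NAT never forwards."""
    passes, redirected = ipf_port_predicate(ipf_rule), rdr_ports(ipnat_rules)
    ports = range(first, last + 1)
    return {
        "not_passed": [p for p in ports if not passes(p)],
        "not_redirected": sum(1 for p in ports if p not in redirected),
    }

if __name__ == "__main__":
    print(audit(IPF_RULE, IPNAT_RULES, HIFIRST, HILAST))
```
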