I use FreeBSD 5.4 (with OPTION IPFW on and IPFIREWALL_DEFAULT_TO_ACCEPT on) + apache + pureftp + natd to set up a server used as an FTP/web server and also as a gateway for sharing the network.

My network looks like this:

                 ------(oip:x.x.x.a)------
                 |                       |
    (oif:em0)-->|                       |-->(internet gateway:x.x.x.254)
        ^        |                       |
        |        ---(oip alias0:x.x.x.b)--
        |
        |
    (iif:em1,iip:192.168.100.254)<-------(inet 192.168.100.254/16)<---(intranet)

I bind oip x.x.x.a as the httpd and pureftpd server IP, and use em0_alias0 (x.x.x.b) as natd's interface. I use the rc.firewall rule 'open'.

So my intranet can share the internet normally through natd on x.x.x.b, and the http server works normally too. The users of the intranet (192.168.100.254/16) can also visit pureftpd correctly.

My problem is: users on the internet can't visit my pureftpd on x.x.x.a correctly. The debug information is below. From the error, it looks like the ipfw rule is wrong. If I cancel em0_alias0 (x.x.x.b) and set natd_interface to (x.x.x.a), it works very well!

Has anyone met this problem before? Please give me help!

=========================================
*** CuteFTP Pro 6.0 - build Mar 25 2004 ***
STATUS:> Getting listing ""...
STATUS:> Resolving host name x.x.x.a...
STATUS:> Host name x.x.x.a resolved: ip = x.x.x.a.
STATUS:> Connecting to FTP server x.x.x.a:21 (ip = x.x.x.a)...
STATUS:> Socket connected. Waiting for welcome message...
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-Local time is now 23:07. Server port: 21.
220 You will be disconnected after 15 minutes of inactivity.
STATUS:> Connected. Authenticating...
COMMAND:> USER tmp
331 User tmp OK. Password required
COMMAND:> PASS *****
230-User tmp has group access to: www
230 OK. Current restricted directory is /
STATUS:> Login successful.
COMMAND:> PWD
257 "/" is your current location
STATUS:> Home directory: /
COMMAND:> FEAT
211-Extensions supported:
 EPRT
 IDLE
 MDTM
 SIZE
 REST STREAM
 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
 MLSD
 ESTP
 PASV
 EPSV
 SPSV
211 End.
STATUS:> This site supports features.
STATUS:> This site supports SIZE.
STATUS:> This site can resume broken downloads.
COMMAND:> REST 0
350 Restarting at 0
COMMAND:> PASV
227 Entering Passive Mode (x,x,x,a,158,251)
STATUS:> Connecting FTP data socket x.x.x.a:40699...
ERROR:> The connection failed due to an error or timeout.
1) Verify that the destination IP address is correct.
......
12) Verify that your anti-virus software is not at fault (try disabling it).
ERROR:> PASV failed, trying PORT.
STATUS:> Waiting 0 seconds...
STATUS:> Getting listing "/"...
STATUS:> Resolving host name x.x.x.a...
STATUS:> Host name x.x.x.a resolved: ip = x.x.x.a.
STATUS:> Connecting to FTP server x.x.x.a:21 (ip = x.x.x.a)...
STATUS:> Socket connected. Waiting for welcome message...
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-Local time is now 23:08. Server port: 21.
220 You will be disconnected after 15 minutes of inactivity.
STATUS:> Connected. Authenticating...
COMMAND:> USER tmp
331 User tmp OK. Password required
COMMAND:> PASS *****
230-User tmp has group access to: www
230 OK. Current restricted directory is /
STATUS:> Login successful.
COMMAND:> PWD
257 "/" is your current location
STATUS:> Home directory: /
STATUS:> This site supports features.
STATUS:> This site supports SIZE.
STATUS:> This site can resume broken downloads.
COMMAND:> REST 0
350 Restarting at 0
COMMAND:> PORT 192,168,123,104,6,18
200 PORT command successful
COMMAND:> LIST
ERROR:> Timeout (60000 ms) occurred on receiving server response.
=========================================

content of /etc/rc.conf:
======================
hostname="x.x.x.a"
ifconfig_em0="inet x.x.x.a netmask 255.255.255.0"
ifconfig_em0_alias0="inet x.x.x.b netmask 255.255.255.0"
ifconfig_em1="inet 192.168.100.254 netmask 255.255.255.0"
defaultrouter="x.x.x.254"
static_routes="inside"
route_inside="-net 192.168.100.254/16 192.168.100.1"
#proxy:
gateway_enable="YES"
firewall_enable="YES"
firewall_type="simple"
natd_enable="YES"
natd_interface="x.x.x.b"
nat_flag="-a x.x.x.b"
#servers:
inetd_enable="YES"
#pureftpd_enable="YES"
apache2_enable="YES"
=======================

content of /etc/inetd.conf:
==============================
ftp stream tcp nowait root /usr/local/sbin/pure-ftpd pure-ftpd -Sx.x.x.a,21 -Px.x.x.a -lmysql:/usr/local/etc/pureftpd-mysql.conf -A -j -D -Oclf:/web/logs/ftp/pureftp.log
#ftp stream tcp nowait root /usr/local/sbin/pure-ftpd pure-ftpd
ssh stream tcp nowait root /usr/sbin/sshd sshd -i -4
==============================
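
An added example, not part of the original post: decoding the PASV reply and PORT command in the client log above into the data-channel endpoints that the ipfw and natd rules have to let through. The function names are this example's own, and 203.0.113.10 is a documentation address standing in for the masked x.x.x.a.

```python
import ipaddress
import re

# Constructed sample: data-channel lines from the client log above, with the
# masked server address x.x.x.a replaced by a documentation address.
SAMPLE_LOG = """\
COMMAND:> PASV
227 Entering Passive Mode (203,0,113,10,158,251)
ERROR:> PASV failed, trying PORT.
COMMAND:> PORT 192,168,123,104,6,18
200 PORT command successful
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# h1,h2,h3,h4,p1,p2 as carried by PASV replies and PORT commands (RFC 959)
TUPLE = re.compile(r"\b(\d{1,3}(?:,\d{1,3}){5})\b")

def decode_tuple(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 tuple, or None."""
    m = TUPLE.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None  # not a valid octet, so not a usable endpoint
    ip = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def data_endpoints(log):
    """List (mode, ip, port, rfc1918) for each PASV reply and PORT command."""
    found = []
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("227"):
            mode = "passive"   # client opens the data connection to the server
        elif re.search(r"\bPORT \d", line):
            mode = "active"    # server opens the data connection to the client
        else:
            continue
        decoded = decode_tuple(line)
        if decoded:
            ip, port = decoded
            private = any(ip in net for net in RFC1918)
            found.append((mode, str(ip), port, private))
    return found

if __name__ == "__main__":
    for mode, ip, port, private in data_endpoints(SAMPLE_LOG):
        print(f"{mode:8} {ip}:{port}" + ("  (RFC 1918 address)" if private else ""))
```

The passive endpoint is the inbound TCP port on the server that the client tried to reach; the active endpoint is an RFC 1918 address, which a server on the public internet cannot connect to directly.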