On 17 Feb 2003, Shane Hickey wrote:

> Howdy all,
>       I have a freebsd firewall and I want to be able to make both passive
> and active ftp client connections from my inside network to the outside
> world.  I'm using ipf and ipnat compiled into the kernel.  I followed
> the IPF HOWTOs that I've read and I'm hitting a brick wall.
>       My outside interface is dc0 and let's say my outside IP is 1.1.1.1.
> I've tried both of the following rules in my /etc/ipnat.rules file with
> no success.
>
> map dc0 0/0 -> 1.1.1.1/32 proxy port 21 ftp/tcp
> map dc0 0/0 -> 0/32 proxy port ftp ftp/tcp
>
>       When I say no success, I mean that I am able to establish a remote ftp
> connection, but when I do a 'ls' I get a
>
> 425 Can't build data connection: No route to host
>
> I'm sure I'm doing something foolish, so any advice would be greatly
> appreciated.  Oh yeah, I'm running FreeBSD5.0-release and IPF version
> 3.4.29.
>
> Thanks in advance for any help.
>
> --
> Shane Hickey : Network/System Consultant
> GPG KeyID: 777CBF3F
> Key fingerprint: 254F B2AC 9939 C715 278C DA95 4109 9F69 777C BF3F
> Listening to: MC5 - 12 I Can Only Give you Everyth


Place the following BEFORE any other rules, and replace $intsubnet with
your internal subnet.  The second rule will allow active FTP from the
firewall itself.

map dc0 $intsubnet -> 1.1.1.1/32 proxy port ftp ftp/tcp
map dc0 1.1.1.1/32 -> 1.1.1.1/32 proxy port ftp ftp/tcp

Marco Radzinschi
E-Mail: [EMAIL PROTECTED]

Tue Feb 18 17:07:05 EST 2003
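
What the `proxy port ftp ftp/tcp` rules above do for active FTP, as an added illustration (not part of the original messages and not IPF's own code): in active mode the client puts its own address in a PORT command, so behind NAT the server is handed an inside address it cannot reach unless the command is rewritten and a return mapping is recorded. The inside address 192.168.1.10, the port numbers and the function names are constructed for this sketch; 1.1.1.1 is the thread's placeholder outside address.

```python
import ipaddress
import re

# Active-mode FTP command: PORT h1,h2,h3,h4,p1,p2 (RFC 959)
PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})\r?\n?$")


def parse_port(line):
    """Return (ip, port) advertised by a PORT command, or None for other commands."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in PORT argument")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def rewrite_port(line, client_ip, nat_ip, nat_port, table):
    """Rewrite an inside client's PORT command to the outside address and
    record where the server's incoming data connection must be forwarded."""
    parsed = parse_port(line)
    if parsed is None:
        return line  # not a PORT command: pass through unchanged
    ip, port = parsed
    # Sanity check added in this sketch: only accept the client's own address,
    # so the command cannot point the server at a third host.
    if ip != ipaddress.IPv4Address(client_ip):
        raise ValueError("PORT address differs from control connection source")
    table[(nat_ip, nat_port)] = (str(ip), port)
    return "PORT %s,%d,%d\r\n" % (nat_ip.replace(".", ","),
                                  nat_port >> 8, nat_port & 0xFF)


if __name__ == "__main__":
    nat_table = {}
    sent = "PORT 192,168,1,10,195,80\r\n"  # constructed client command
    print("client sends :", sent.strip(), "->", parse_port(sent))
    out = rewrite_port(sent, "192.168.1.10", "1.1.1.1", 40001, nat_table)
    print("server sees  :", out.strip())
    print("data mapping :", nat_table)
```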

