-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of eric wyzerski Sent: Monday, January 31, 2005 2:11 PM To: freebsd-questions@freebsd.org Subject: Ftp behind firewall/nat
Hi,
For a whole day I have tried to make an FTP server that is behind the firewall work, but I am not able to. My ipf rules are:
pass in quick from any to any
pass out quick from any to any
So it is not an ipf problem. My ipnat rules are:
map rl0 10.0.0.0/8 -> 0/32
rdr rl0 X.X.X.X/32 port 21 -> 10.1.1.6 port 21 tcp
where X.X.X.X is my external IP, rl0 my external interface and 10.1.1.6 the FTP server. I am able to log in, and when I do the dir command it freezes. I have done a tcpdump and I see the SYN packet go out, but it never gets an answer. I really need help/advice.
First, ipnat is _first match_, unlike ipfilter which is _last match_, so in the above, your last rule would never apply. Your problem is well covered in the ipf-howto; do this:
map rl0 10.0.0.0/8 -> 0/32 proxy port ftp ftp/tcp
map rl0 10.0.0.0/8 -> 0/32 portmap tcp/udp auto
map rl0 10.0.0.0/8 -> 0/32
This gives you ftp not just for one client but for all of them.
Read the ipf-howto for more, and read why you shouldn't try to reverse these rules if you are trying to set up an FTP server!
Cheers, Erik
-- Ph: +34.666334818 web: http://www.locolomo.org S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9 Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
_______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
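The reason plain address translation is not enough for FTP, and the reason Erik's first rule names an FTP proxy, is that FTP carries IP addresses and ports inside the control channel: a PORT command or a "227 Entering Passive Mode" reply encodes them as six decimal octets (h1,h2,h3,h4,p1,p2 per RFC 959), and the other end opens the data connection to whatever address it reads there. If that address is a 10/8 host, the peer connects to something that is not routable from outside. The following is an added example, not code from the thread or from IPFilter, that shows the rewrite an application-level FTP proxy has to perform on those two messages. The external address 203.0.113.10 stands in for X.X.X.X, the sample control-channel lines are constructed, and keeping the same data port after rewriting is a simplification (a real proxy would also create the corresponding NAT mapping, which this code only reports).

```python
"""Illustrates the FTP control-channel rewrite that an FTP-aware NAT proxy
performs.  Added example; addresses and messages are constructed.
"""
import ipaddress
import re

# The internal range from the poster's 'map rl0 10.0.0.0/8 -> 0/32' rule.
PRIVATE = ipaddress.ip_network("10.0.0.0/8")
# Hypothetical external address standing in for X.X.X.X (TEST-NET-3 range).
EXTERNAL_IP = "203.0.113.10"

# RFC 959 host/port encoding: h1,h2,h3,h4,p1,p2
_SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_hostport(text):
    """Return (ip, port) from the first h1,h2,h3,h4,p1,p2 group in text, or None."""
    m = _SIX.search(text)
    if not m:
        return None
    octets = [int(x) for x in m.groups()]
    if any(x > 255 for x in octets):
        return None
    ip = "%d.%d.%d.%d" % tuple(octets[:4])
    port = octets[4] * 256 + octets[5]
    return ip, port


def encode_hostport(ip, port):
    """Encode ip:port back into the h1,h2,h3,h4,p1,p2 form."""
    return ",".join(ip.split(".") + [str(port // 256), str(port % 256)])


def rewrite(line, external_ip=EXTERNAL_IP, private=PRIVATE):
    """Rewrite a PORT command or a 227 reply that embeds a private address.

    Returns (new_line, mapping).  mapping is None when nothing was changed,
    otherwise (private_ip, port): the data-channel endpoint the NAT box must
    map onto external_ip:port so the peer's connection reaches the inside host.
    Lines that are not PORT/227, or that already carry a routable address,
    are passed through unchanged.
    """
    upper = line.upper()
    if not (upper.startswith("PORT ") or upper.startswith("227 ")):
        return line, None
    decoded = decode_hostport(line)
    if decoded is None:
        return line, None
    ip, port = decoded
    if ipaddress.ip_address(ip) not in private:
        return line, None
    old = _SIX.search(line).group(0)
    new_line = line.replace(old, encode_hostport(external_ip, port), 1)
    return new_line, (ip, port)


if __name__ == "__main__":
    # Constructed sample: an inside FTP server answering PASV, then an
    # inside client sending PORT, then a command with nothing to rewrite.
    for sample in ("227 Entering Passive Mode (10,1,1,6,195,80)\r\n",
                   "PORT 10,0,0,5,4,1\r\n",
                   "LIST\r\n"):
        out, mapping = rewrite(sample)
        print(repr(sample.strip()), "->", repr(out.strip()), "map:", mapping)
```

The PASV case is the one an external client exercises on `dir`: without the rewrite it is told to connect to 10.1.1.6, and its SYN can never be answered from the outside; with it, the client connects to the external address and the NAT box needs a mapping back to 10.1.1.6 on that port, which is the job the ftp proxy does dynamically and a static rdr on port 21 alone does not cover.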