different between this two scripts???FTP Problems

Fri, 18 Feb 2005 09:28:52 -0800


  I am using freebsd 4.10 p5, running ipfilter in the kernel. But i have this question, what is the different between this to scrips:

********************************************before cool****************************************************
   /etc/ip.rules
   pass out quick on tun0 proto tcp from any to any flags S keep state
   pass out quick on tun0 proto udp from any to any keep state
   pass out quick on tun0 proto icmp from any to any keep state

   ****my Private nick si ed0 and he can walk free***

   /etc/ipnat.rules
   map tun0 192.168.1.0/24 -> 0/32
********************************************before cool****************************************************
***************************************new problems FTP****************************************************
   And the new

   /etc/ipf.rules
   pass out quick on tun0 proto tcp from any to any port = 21 flags S keep state
   pass out quick on tun0 proto tcp from any to any port = 80 flags S keep state

   ****my Private nick si ed0 and he can walk free***
  
  /etc/ipnat.rules
  map tun0 192.168.1.0/24 -> 0/32 proxy port 21 ftp/tcp 
  map tun0 192.168.1.0/24 -> 0/32 portmap tcp/udp 20000:60000
  map tun0 192.168.1.0/24 -> 0/32
***************************************new problems FTP****************************************************

   I ask this because, the first none of my clients(win xp, win98, win2k, freebsd) was having problems accessing any service, FTP, WEB, HTTPS, etc.

   But went i change my rules to be more defined if  they want to access the freebsd server example, the server say:

ftp> ls
    Entering passive mode
    ftp: connect no route to host
   
    Ok i read that this a  protocol desing problem, but what is the different between this to scrips???
    why the first one dont have any problems and the second one give this problems???

    Any information will be aprecite.

   Thanks in advanced.

NOTE: Some one give a tip: he say to resolve this problem just add a new rule on /etc/ipnat
  map tun0 192.168.1.0/24 -> (ftp.server.ip)/32 proxy port 21 ftp/tcp 
  map tun0 192.168.1.0/24 -> 0/32 proxy port 21 ftp/tcp 
  map tun0 192.168.1.0/24 -> 0/32 portmap tcp/udp 20000:60000
  map tun0 192.168.1.0/24 -> 0/32

 

 
Create tu cuenta webmail en http://www.starlinux.net

Reply via email to