Not working using port 20. I made some tests with it, but when I display the ipf info:
ipf# ipfstat -ho
no connection over port 20. I already fixed the problem.
1; Change /etc/ipfilter
before
map tun0 192.198.0.1/24 -> 0/32 proxy port ftp ftp/tcp
map tun0 192.168.0.1/24 -> 0/32 portmap 20000:60000
map tun0 192.168.0.1/24 -> 0/32
after
map tun0 0/32 -> 0/32 proxy port ftp ftp/tcp
map tun0 0/32 -> 0/32 portmap 20000:60000
map tun0 0/32 -> 0/32
2;
ipf # setenv FTP_PASSIVE_MODE no
And my FreeBSD box can work without any problems.
The machine that was having problems was my firewall with FreeBSD 4.11 release. I tested with one of my clients, Win 2k:
--->Firefox 1.0 OK
--->Iexplorer 6.0 OK
--->cmd OK
Thanks Alexandre Vasconcelos for your advice!!!
--- Alexandre Vasconcelos <[EMAIL PROTECTED]> wrote:
From: Alexandre Vasconcelos <[EMAIL PROTECTED]>
Date: Fri, 18 Feb 2005 16:21:25 -0200
To: [EMAIL PROTECTED]
Subject: Re: different between this two scripts???FTP Problems
bsdboy wrote:
>
> I am using FreeBSD 4.10 p5, running ipfilter in the kernel. But I have
> this question: what is the difference between these two scripts:
>
> ********************************************before
> cool****************************************************
> /etc/ip.rules
> pass out quick on tun0 proto tcp from any to any flags S keep state
> pass out quick on tun0 proto udp from any to any keep state
> pass out quick on tun0 proto icmp from any to any keep state
>
> ****my private NIC is ed0 and it can walk free***
>
> /etc/ipnat.rules
> map tun0 192.168.1.0/24 -> 0/32
> ********************************************before
> cool****************************************************
> ***************************************new problems
> FTP****************************************************
> And the new
>
> /etc/ipf.rules
> pass out quick on tun0 proto tcp from any to any port = 21 flags S keep state
> pass out quick on tun0 proto tcp from any to any port = 80 flags S keep state
>
> ****my private NIC is ed0 and it can walk free***
>
> /etc/ipnat.rules
> map tun0 192.168.1.0/24 -> 0/32 proxy port 21 ftp/tcp
> map tun0 192.168.1.0/24 -> 0/32 portmap tcp/udp 20000:60000
> map tun0 192.168.1.0/24 -> 0/32
> ***************************************new problems
> FTP****************************************************
>
> I ask this because with the first one none of my clients (Win XP, Win98,
> Win2k, FreeBSD) was having problems accessing any service: FTP, web,
> HTTPS, etc.
>
> But when I change my rules to be more defined, if they want to access
> the FreeBSD server, for example, the server says:
>
> ftp> ls
> Entering passive mode
> ftp: connect no route to host
>
> OK, I read that this is a protocol design problem, but what is the
> difference between these two scripts???
> Why does the first one not have any problems and the second one gives
> these problems???
>
> Any information will be appreciated.
>
> Thanks in advance.
>
> NOTE: Someone gave a tip: he says to resolve this problem just add a new
> rule in /etc/ipnat
> map tun0 192.168.1.0/24 -> (ftp.server.ip)/32 proxy port 21 ftp/tcp
> map tun0 192.168.1.0/24 -> 0/32 proxy port 21 ftp/tcp
> map tun0 192.168.1.0/24 -> 0/32 portmap tcp/udp 20000:60000
> map tun0 192.168.1.0/24 -> 0/32
You must have rules for port 20 tcp in your ipf.rules; add this:
pass out quick on tun0 proto tcp from any to any port = 20 flags S keep state
--
Alexandre Vasconcelos
The FreeBSD pt_BR Documentation Project
Unix Admin
SSP/GO
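
Added example, not written by either poster: a small Python evaluator for just the rule shape quoted in this thread, showing which constructed outbound connection attempts each of the two ipf rule sets matches. The sample destination ports and all function names are assumptions; a result of `None` means no quoted rule matched, so the outcome depends on the rest of the ruleset, which the thread does not show.

```python
import re

# Rule sets copied from the thread (wrapped "keep state" lines rejoined).
BEFORE = """\
pass out quick on tun0 proto tcp from any to any flags S keep state
pass out quick on tun0 proto udp from any to any keep state
pass out quick on tun0 proto icmp from any to any keep state
"""
AFTER = """\
pass out quick on tun0 proto tcp from any to any port = 21 flags S keep state
pass out quick on tun0 proto tcp from any to any port = 80 flags S keep state
"""

RULE = re.compile(
    r"^(?P<action>pass|block)\s+out\s+quick\s+on\s+(?P<ifname>\S+)\s+"
    r"proto\s+(?P<proto>\S+)\s+from\s+any\s+to\s+any"
    r"(?:\s+port\s*=\s*(?P<port>\d+))?"
)

def parse(text):
    """Parse only the rule shape used in the thread; reject anything else."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RULE.match(line)
        if m is None:
            raise ValueError(f"unsupported rule: {line!r}")
        d = m.groupdict()
        d["port"] = int(d["port"]) if d["port"] else None
        rules.append(d)
    return rules

def first_match(rules, ifname, proto, dport):
    """Every rule here is 'quick', so the first matching rule decides."""
    for r in rules:
        if r["ifname"] == ifname and r["proto"] == proto and r["port"] in (None, dport):
            return r["action"]
    return None  # no quoted rule matched; the rest of the ruleset decides

# Constructed outbound attempts: name -> (protocol, destination port).
SAMPLES = {"ftp-control": ("tcp", 21), "http": ("tcp", 80), "https": ("tcp", 443),
           "ftp-passive-data": ("tcp", 49152), "dns": ("udp", 53)}

def compare():
    """Map sample name -> (decision under BEFORE, decision under AFTER)."""
    sets = [parse(BEFORE), parse(AFTER)]
    return {name: tuple(first_match(rs, "tun0", proto, dport) for rs in sets)
            for name, (proto, dport) in SAMPLES.items()}

if __name__ == "__main__":
    print(*compare().items(), sep="\n")
```

Under the second rule set only destination ports 21 and 80 match a pass rule, so the passive-mode data connection, HTTPS and DNS samples are no longer covered by any of the quoted rules.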
