I'm having a problem hitting my FTP server via passive FTP from the
outside world. I have the right ports being forwarded from the external
if and I'm just not seeing where this is breaking (too bad you can't
turn on logging on a rdr statement). My rules and findings follow:

rdr on xl0 inet proto tcp from any to 216.XXX.XX.XXX port = ftp -> 192.168.200.114 port 21
rdr on xl0 inet proto tcp from any to 216.XXX.XX.XXX port 49152:65535 -> 192.168.200.114 port 49152:65535
pass in quick on xl0 inet proto tcp from any to 192.168.200.114 port = ftp flags S/SA modulate state
pass in quick on xl0 inet proto tcp from any to 192.168.200.114 port >= 49152 flags S/SA modulate state
pass out quick on xl0 proto tcp from any to any port = ftp flags S/SA modulate state queue ftp
pass out quick on xl0 proto tcp from any to any port >= 49151 flags S/SA modulate state queue ftp

Here's my connection on 21, nothing even shows up for the high ports and
I have the 21 and >=49152 in the same rule:

Jan 26 07:11:45.982234 rule 15/0(match): pass in on xl0: XXX.XXX.XX.XXX.1394 > 192.168.200.114.21: S (src OS: Windows XP SP1) 3459098578:3459098578(0) win 64512 <mss 1460,nop,nop,sackOK> (DF)

Here's my ftp server listening on the port that it has selected the
client to connect to:

tcp 0 0 192.168.200.114.63465 *.* LISTEN
tcp 0 0 192.168.200.114.21 XXX.XXX.XX.XXX.1394 ESTABLISHED

It works internally on my network with a rdr on the internal if... and I
don't think I need ftp proxy for an inbound connection from the outside
world, right? Any help is greatly appreciated...
