[EMAIL PROTECTED] (Drain Fade) wrote in message news:<[EMAIL PROTECTED]>...
> I'm having a problem hitting my FTP server via passive FTP from the
> outside world. I have the right ports being forwarded from the external
> if and I'm just not seeing where this is breaking (too bad you can't
> turn on logging on a rdr statement). My rules and findings follow:
>
> rdr on xl0 inet proto tcp from any to 216.XXX.XX.XXX port = ftp -> 192.168.200.114 port 21
> rdr on xl0 inet proto tcp from any to 216.XXX.XX.XXX port 49152:65535 -> 192.168.200.114 port 49152:65535
>
> pass in quick on xl0 inet proto tcp from any to 192.168.200.114 port = ftp flags S/SA modulate state
> pass in quick on xl0 inet proto tcp from any to 192.168.200.114 port >= 49152 flags S/SA modulate state
>
> pass out quick on xl0 proto tcp from any to any port = ftp flags S/SA modulate state queue ftp
> pass out quick on xl0 proto tcp from any to any port >= 49151 flags S/SA modulate state queue ftp
>
> Here's my connection on 21, nothing even shows up for the high ports and
> I have the 21 and >=49152 in the same rule:
> Jan 26 07:11:45.982234 rule 15/0(match): pass in on xl0: XXX.XXX.XX.XXX.1394 > 192.168.200.114.21: S (src OS: Windows XP SP1) 3459098578:3459098578(0) win 64512 <mss 1460,nop,nop,sackOK> (DF)
>
> Here's my ftp server listening on the port that it has selected the
> client to connect to:
> tcp 0 0 192.168.200.114.63465 *.* LISTEN
> tcp 0 0 192.168.200.114.21 XXX.XXX.XX.XXX.1394 ESTABLISHED
>
> It works internally on my network with a rdr on the internal if....and I
> don't think I need ftp proxy for an inbound connection from the outside
> world right ? Any help is greatly appreciated....
What is the passive port it tells the client to connect to? Just went through this, in my case it was handing out the private IP. Real hard for a public address to connect to. Ethereal is a good tool. Also in my case I was using binat instead of rdr.

btb
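The reply's diagnostic question (which address and port does the server put in its PASV reply?) can be checked directly from the `227` line you see in a packet capture. The following is an added example, not code from either poster: it parses the `227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)` reply, flags an RFC 1918 address that an outside client could never reach, and checks that the advertised port falls in the `49152:65535` range the thread's rdr rule forwards. The public address is a placeholder (the thread masks it as `216.XXX.XX.XXX`) and the sample replies are constructed; the port `63465` is chosen to match the LISTEN socket shown in the original post.

```python
import ipaddress
import re

# Port range forwarded by the rdr rule quoted in the thread (49152:65535).
FORWARDED_RANGE = (49152, 65535)

# Placeholder for the firewall's public address; the thread masks it as 216.XXX.XX.XXX.
EXPECTED_PUBLIC_IP = "203.0.113.10"

# RFC 1918 private ranges: a PASV reply advertising one of these is unreachable from outside.
RFC1918_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)".
PASV_RE = re.compile(r"227[^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply, or None if it does not parse."""
    m = PASV_RE.search(reply)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if any(x > 255 for x in (h1, h2, h3, h4, p1, p2)):
        return None
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def is_rfc1918(ip):
    """True if ip lies in one of the RFC 1918 private ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918_NETS)


def check_pasv(reply, expected_ip=EXPECTED_PUBLIC_IP, port_range=FORWARDED_RANGE):
    """Return a list of reasons an external client would fail to open the data connection."""
    parsed = parse_pasv(reply)
    if parsed is None:
        return ["unparseable 227 reply"]
    ip, port = parsed
    problems = []
    if is_rfc1918(ip):
        problems.append(f"advertised address {ip} is private (RFC 1918); unreachable from outside")
    elif ip != expected_ip:
        problems.append(f"advertised address {ip} is not the public address {expected_ip}")
    lo, hi = port_range
    if not lo <= port <= hi:
        problems.append(f"advertised port {port} is outside the forwarded range {lo}:{hi}")
    return problems


# Constructed sample replies (not captured from the thread's server).
# 247*256+233 = 63465, the LISTEN port shown in the original post.
SAMPLES = {
    "private_ip": "227 Entering Passive Mode (192,168,200,114,247,233)",
    "public_ok": "227 Entering Passive Mode (203,0,113,10,247,233)",
    "low_port": "227 Entering Passive Mode (203,0,113,10,4,1)",
}

if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        print(name, parse_pasv(reply), check_pasv(reply) or "OK")
```

Paste the `227` line from the Ethereal (now Wireshark) capture of the control connection into `check_pasv`; if it reports a private address, the server has to be told its public address (most FTP daemons have a setting for the address to advertise in PASV replies) before any rdr rule for the high ports can help.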
