From owner-freebsd-questions Wed Feb 19 20:26:40 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8FDFE37B401 for ; Wed, 19 Feb 2003 20:26:39 -0800 (PST) Received: from tctisp1.tctwest.net (tctisp1.tctwest.net [216.166.159.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id A7E4B43F3F for ; Wed, 19 Feb 2003 20:26:38 -0800 (PST) (envelope-from shane@howsyournetwork.com) Received: from [192.168.1.102] (hidden-user@gnat.tctwest.net [216.166.159.4]) by tctisp1.tctwest.net (8.11.3/8.11.3) with ESMTP id h1K4QoI07230; Wed, 19 Feb 2003 21:26:51 -0700 (MST) Subject: Re: ipf ftp proxy problem? From: Shane Hickey To: Marco Radzinschi Cc: freebsd-questions@FreeBSD.ORG In-Reply-To: <20030218170705.P57549-100000@radzinschi.com> References: <20030218170705.P57549-100000@radzinschi.com> Content-Type: text/plain Organization: How's your network? Message-Id: <1045715184.1070.11.camel@localhost> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.1- Date: 19 Feb 2003 21:26:24 -0700 Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, 2003-02-18 at 15:10, Marco Radzinschi wrote: > Place the following BEFORE any other rules, and replace $intsubnet with > your internal subnet. The second rule will allow active FTP from the > firewall itself. > > map dc0 $intsubnet -> 1.1.1.1/32 proxy port ftp ftp/tcp > map dc0 1.1.1.1/32 -> 1.1.1.1/32 proxy port ftp ftp/tcp Hmm... I had never tried to ftp from the actual firewall box. I just added the second rule and I am now able to do active ftp from the firewall box, but not from any of the internal boxes. I'm sending ipmon data to syslog and I can't see hide nor hair of anything in the logs pertaining to these failed active sessions. Does anyone have any idea of some troubleshooting steps I might take? Thanks, shane To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message