From: alexus
To: Patrick Lamaizière
Cc: "freebsd-questions@freebsd.org"
Date: Sun, 17 May 2009 17:26:57 -0400
Subject: Re: ipnat port-range
Message-ID: <6ae50c2d0905171426i228c001aw4c604e456900214f@mail.gmail.com>
In-Reply-To: <20090517230544.7e0a8170@baby-jane.lamaiziere.net>

2009/5/17 Patrick Lamaizière :
> On Sun, 17 May 2009 16:16:51 -0400,
> alexus wrote:
>
>> i don't see how things are obvious for you as they are not so obvious for
>> me. first of all my ipf default policy is to allow everything.
>>
>> so the original question is for ipnat and not for ipf
>>
>> now for non-passive (active) i put in these rules
>>
>> rdr bce0 0/0 port ftp-data -> lama port ftp-data tcp
>> rdr bce0 0/0 port ftp -> lama port ftp tcp
>>
>> and for pasv i still don't know what to do
>>
>> i've tried
>>
>> rdr bce0 0/0 port 49152-65534 -> lama port 65534
>>
>> and in my ftp i said that this is range for pasv connections
>
> I don't think there is a way to redirect a port range to a port
> range with ipnat. For my ftp server I redirect each port (I use 30000
> to 30039 for FTP) with a rule:
> rdr vr0 0.0.0.0/0 port 21 -> 192.168.1.4 port 21
> rdr vr0 0.0.0.0/0 port 30000 -> 192.168.1.4 port 30000
> rdr vr0 0.0.0.0/0 port 30001 -> 192.168.1.4 port 30001
> ...
> rdr vr0 0.0.0.0/0 port 30038 -> 192.168.1.4 port 30038
> rdr vr0 0.0.0.0/0 port 30039 -> 192.168.1.4 port 30039
>
> For ipnat see
> http://www.westworks.ch/~chris/netbsd/NetBSD-NAT-FTP-server.html
>
> Regards.
>

i've spoken with Chris, he suggested i use

rdr bce0 0/0 port 49152-65534 -> lama port 49152 tcp

or use openbsd's pf with

rdr on bce0 proto tcp from any to any port 49152:65534 -> lama port 49152:*

for now and i'm still testing, i was able to get where i want with

rdr bce0 0/0 -> lama proxy port ftp ftp/tcp

so far seems to be working... if not i'll try chris' suggestion

-- 
http://alexus.org/
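
Added example, not part of the original message or of ipnat itself: a small sh generator for the one-rule-per-port approach quoted above, emitting rules in the same form as the quoted `rdr vr0 ...` lines. The names `gen_rdr_rules`, `is_port` and `MAX_RULES` are hypothetical, and the 256-rule cap is an arbitrary choice for this example that stops a very wide passive range from being expanded by accident.

```shell
#!/bin/sh
# Expand a passive-FTP port range into one ipnat rdr rule per port,
# using the rule form quoted in the thread.
# MAX_RULES is an arbitrary cap for this example, not an ipnat limit.
MAX_RULES=${MAX_RULES:-256}

# is_port VALUE: succeed only for a decimal integer in 1-65535
# (no leading zeros, so shell arithmetic never reads it as octal).
is_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# gen_rdr_rules IFACE TARGET FIRST LAST
# Prints one rule per port on stdout; returns 2 on bad input.
gen_rdr_rules() {
    if [ $# -ne 4 ] || [ -z "$1" ] || [ -z "$2" ]; then
        echo "usage: gen_rdr_rules iface target first last" >&2
        return 2
    fi
    iface=$1 target=$2 first=$3 last=$4
    if ! is_port "$first" || ! is_port "$last"; then
        echo "ports must be integers in 1-65535" >&2
        return 2
    fi
    if [ "$first" -gt "$last" ]; then
        echo "first port must not exceed last port" >&2
        return 2
    fi
    count=$((last - first + 1))
    if [ "$count" -gt "$MAX_RULES" ]; then
        echo "range needs $count rules, cap is $MAX_RULES" >&2
        return 2
    fi
    port=$first
    while [ "$port" -le "$last" ]; do
        printf 'rdr %s 0.0.0.0/0 port %s -> %s port %s\n' \
            "$iface" "$port" "$target" "$port"
        port=$((port + 1))
    done
}

# Usage (values taken from the quoted reply):
#   gen_rdr_rules vr0 192.168.1.4 30000 30039 > ftp-pasv.rules
```

The range passed in has to match the passive port range configured in the FTP server, otherwise the server will hand out ports that have no redirect.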