Date: Wed, 2 Jul 2003 23:38:22 -0400
From: "Kevin Reiter" <kevin@njcs-online.net>
To: <freebsd-ipfw@freebsd.org>
Subject: Re: Passive FTP ipfw issue
Message-ID: <000701c34114$8e083600$0500a8c0@zeus>
References: <794C454376DCD6118B3200104B86ECFF03A5678B@n073.banrisul>

> The problem is that the dynamic rule 00510 will expire in 20 seconds
> (lifetime control net.inet.ip.fw.dyn_syn_lifetime=20). The connection timer
> seems to indicate that it's
> waiting for a completed 3-way handshake and hasn't seen the other SYN.
>
> Is there anything wrong with these rules? What am I missing?
>

What do you have in natd.conf?

I'm running 4.7-RELEASE myself and have a Win32 FTP server on my inside net
that is visible to the outside, and I have 1 line in /etc/natd.conf that
redirects all requests to port 21 to my inside server (no anon logins.) I
don't have anything in my firewall rules (should I?) for FTP.

use_sockets yes
same_ports yes
dynamic yes
#For FTP to Zeus:
redirect_port tcp 192.168.0.5:21 21

Mind you, I'm no rocket scientist or BSD expert, but I've been using this
since January, and it's been working for me OK so far.

(...and yes, I know...OE is evil, but I was in the middle of playing
NeverwinterNights and needed a break =)

Hope this helps...

-Kevin Reiter