From: Bob Perry
To: freebsd-questions@freebsd.org
Date: Sat, 25 Mar 2006 15:46:18 -0500
Subject: "No Route to Host" Error with FTP Transfers
Message-ID: <4425AC1A.9010201@gti.net>

Hello,

Approximately 90%-95% of file transfers during portupgrade result in the error message "No route to Host". If the file in question resides only on an ftp site, I disable the firewall in order to transfer the file in. Yesterday, I resorted to commenting out the second of three IPNAT Rules in my /etc/ipnat.rules file, modeled after the Handbook version in section 25.5.21.1, and was able to complete the upgrade.
Not sure I would recommend this procedure, however... My rules follow:

This rule will handle all the traffic for the internal LAN:

    map tun0 192.168.1.0/24 -> 0/32 proxy port 21 ftp/tcp

This rule handles the FTP traffic from the gateway:

    map tun0 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp

This rule handles all non-FTP traffic from the internal LAN:

    map tun0 192.168.1.0/24 -> 0/32

If I was reading Ethereal correctly, packets/data returning from the ftp site made it to the gateway, 192.168.1.254, but couldn't make it to the host, 192.168.1.15. The message was something like, "Host unreachable".

Admittedly, I have little knowledge or expertise in this matter and would appreciate your suggestions to help resolve this issue. Do my rules follow protocol? Are they accurate? I built my IPF Firewall using the Handbook and reviewed most, if not all, of the recommended websites for more assistance and understanding.

Thanks,
Bob