From: chip.wiegand@simrad.com
To: Artem Okounev
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: natd not allowing incoming ftp connections, but web is okay
Date: Fri, 18 Oct 2002 07:14:51 -0700
In-Reply-To: <7282201860.20021018132447@yahoo.com>

owner-freebsd-questions@FreeBSD.ORG wrote on 10/18/2002 03:24:47 AM:

> That is because of the nature of the FTP protocol. FTP uses
> two separate TCP connections: one for commands (port 21) and
> another one for data (port 20). What's going on when client
> tries to establish the FTP session?

I tried from my office using wsftp, twice, once in active mode and once in passive mode, both result in the following error:

! Can't get "ftp://66.114.152.128/" host entry
! Connection failed ftp://66.114.152.128/

> So if client uses active mode ftp you should not mention
> port 20 in "redirect port" directive (data channel will be
> aliased according to "alias address" directive):
> redirect_port tcp 192.168.1.14:21 21
> If client uses passive mode FTP then you probably should use
> two directives:
> redirect_port tcp 192.168.1.14:21 21
> redirect_port tcp 192.168.1.14:49152-65535 49152-65535

Is it okay to have all 3 of the above redirect lines? I changed my natd.conf line for ftp to the first line above, and also added the other two lines. Is that a problem?

> Does /var/log/alias.log exist and have correct permissions?

It did exist, has two lines, but no error lines, so then I set the permissions to 755, it still didn't get written to, then I changed it to 777, still not getting written to.

> You may also try to log events via syslog using
> "log_facility" directive.

Would that fill the syslog full of natd/firewall messages? Sometimes there are tons of messages.

--
Chip

> --
> Best regards,
> Artem mailto:aokounev@yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
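
The FTP control channel carries the address and port of each data connection, which is why NAT treats FTP differently from web traffic. As an added example (not part of the original messages), this Python code parses PORT commands and 227 passive-mode replies per RFC 959 and checks a passive reply against the public address and redirect range quoted in the thread; the sample reply lines are constructed.

```python
import ipaddress
import re

# Values quoted in the thread: the public address the client connects to and
# the passive port range forwarded by the second redirect_port directive.
PUBLIC_ADDR = "66.114.152.128"
REDIRECT_RANGE = range(49152, 65536)

# RFC 959 encodes an endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2
ENDPOINT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_endpoint(line):
    """Return (ip, port) from a PORT command or a 227 reply, else None."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = ENDPOINT.search(line)
    if not m:
        return None
    octets = [int(g) for g in m.groups()]
    if any(o > 255 for o in octets):
        return None
    ip = ".".join(str(o) for o in octets[:4])
    return ip, octets[4] * 256 + octets[5]  # port = p1 * 256 + p2


def check_pasv_reply(line):
    """List the reasons an outside client could not use this 227 reply."""
    ep = parse_endpoint(line) if line.startswith("227 ") else None
    if ep is None:
        return ["not a parsable 227 reply"]
    ip, port = ep
    problems = []
    if ipaddress.ip_address(ip).is_private:
        problems.append(f"advertises private address {ip}; client needs {PUBLIC_ADDR}")
    if port not in REDIRECT_RANGE:
        problems.append(f"port {port} is outside redirected range 49152-65535")
    return problems


if __name__ == "__main__":
    # Constructed control-channel lines, not captured from the poster's server.
    samples = [
        "227 Entering Passive Mode (192,168,1,14,195,80)",   # private address leaked
        "227 Entering Passive Mode (66,114,152,128,192,0)",  # usable from outside
        "227 Entering Passive Mode (66,114,152,128,4,1)",    # port not forwarded
    ]
    for s in samples:
        print(s, "->", check_pasv_reply(s) or "ok")
```
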