From owner-freebsd-questions Mon Jan 17 03:11:02 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.rdc1.tn.home.com (ha1.rdc1.tn.home.com [24.2.7.66]) by hub.freebsd.org (Postfix) with ESMTP id BF17814A31 for ; Mon, 17 Jan 2000 03:11:00 -0800 (PST) (envelope-from williamsl@Home.Com)
Received: from RELIABLE ([24.4.115.31]) by mail.rdc1.tn.home.com (InterMail v4.01.01.00 201-229-111) with ESMTP id <20000117111059.FSEX9818.mail.rdc1.tn.home.com@RELIABLE> for ; Mon, 17 Jan 2000 03:10:59 -0800
Date: Mon, 17 Jan 2000 06:11:02 -0500
From: Ben Williams
X-Mailer: The Bat! (v1.34a) UNREG / CD5BF9353B3B7091
Reply-To: Ben Williams
X-Priority: 3 (Normal)
Message-ID: <12257.000117@Home.Com>
To: FreeBSD questions
Subject: Private network + IP-Filter + IP-NAT + internal ftpd
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Monday, January 17, 2000

As the subject suggests, I am connected to the internet from a private network (192.168.0.0 address space) through a FreeBSD 3.2-RELEASE box with two NICs (one for the inside, one for the out) which is running ipf (IP-Filter, http://coombs.anu.edu.au/~avalon/ip-filter.html) and ipnat to get me out.

What I want to do now is set up an ftp server on one of my internal boxes to be reachable by someone else on the net behind an unknown firewall. I am on the @Home network and as such I cannot run daemons on their standard < 1023 ports due to some questionable network policies decreed by @Home, so I have to redirect some_high_port on the external interface to my ftp port on the internal machine to get connections to the server. This works well for someone NOT behind a firewall using active ftp sessions. Passive ftp sessions break, possibly due to the fact that ipnat doesn't know it's dealing with an ftp connection and libalias can't take the appropriate steps to ensure the FTP connection goes through.
This does not work at all for someone behind a firewall, because the PORT command chokes with a "530 Only client IP..", PASV breaks because you can't route 192.168.0.0 on the net, and if I tell the server to issue the outside address for PASV it fails as well because my NAT box doesn't know it's speaking FTP.

I need to know how to either hack libalias to acknowledge FTP connections on a non-standard port, how to set up ipf/ipnat rules to enable either active or passive FTP connections on a non-standard port, or any other way I could get this setup working without putting the outside port number down where it belongs. I have already perused the list archives and I haven't found much helpful info for getting back in on redirected (non-standard) ports for FTP.

TIA,

-- 
Ben
mailto:williamsl@Home.Com

PS -- If anyone has any pointers on getting ICQ to do direct connections (chat, file x-fer, etc) in the same configuration ( myhost <-> NAT <-> 'net <-> firewall <-> otherhost ) I would appreciate any info you can give me!

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
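The two failure modes in the mail above (a PASV reply that hands the outside client an unroutable 192.168.x.x address, and a PORT command refused with a "530 Only client IP" style error because the address in it does not match the control connection's source) both come from the same property of FTP: the addresses live inside the control channel, where a plain header-rewriting NAT or port redirect never looks. The example below is added here and is not from the mail, from IP Filter or from libalias; it parses the PORT/227 `h1,h2,h3,h4,p1,p2` form, shows each failure, and models the minimal thing an FTP-aware NAT helper has to do (rewrite the in-band address and keep a one-shot mapping for the data connection). All addresses and ports in it are constructed (203.0.113.10 and 198.51.100.7 are documentation ranges standing in for real public addresses), and `FtpNatHelper` is a simplified illustration, not ipnat's actual FTP proxy.

```python
"""Why FTP breaks through a NAT that is not FTP-aware (added example).

FTP carries IP addresses and ports *inside* the control channel (PORT
commands and 227 PASV replies). A NAT or port redirect that only rewrites
packet headers never sees them, so the peer is handed an address it cannot
use. This module parses both forms, shows the two failure modes from the
mail, and models what an FTP-aware helper ("ALG") must do instead.
"""
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as used by both the PORT command and the 227 reply
_HOSTPORT_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# The private ranges of RFC 1918; these never route on the public Internet.
_RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_hostport(text):
    """Return (ip, port) from a PORT argument or a 227 reply."""
    m = _HOSTPORT_RE.search(text)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % text)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if any(x > 255 for x in (h1, h2, h3, h4, p1, p2)):
        raise ValueError("octet out of range in %r" % text)
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def format_hostport(ip, port):
    """Inverse of parse_hostport: 'h1,h2,h3,h4,p1,p2'."""
    if not 0 < port < 65536:
        raise ValueError("bad port %d" % port)
    return "%s,%d,%d" % (ip.replace(".", ","), port // 256, port % 256)


def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in _RFC1918)


def pasv_reply_problem(reply):
    """Explain why an outside client cannot use this 227 reply, or None if it can."""
    ip, port = parse_hostport(reply)
    if is_rfc1918(ip):
        return "data address %s:%d is RFC 1918 and not routable on the Internet" % (ip, port)
    return None


def server_accepts_port(port_cmd, control_peer_ip):
    """Model of an ftpd that only allows PORT to the control connection's peer.

    A client behind its own firewall/NAT sends its *inside* address, which
    does not match the source address the server sees, so it is refused.
    Refusing the mismatch is the right default: it stops the server being
    used to open data connections to third parties (FTP bounce).
    """
    ip, port = parse_hostport(port_cmd)
    return ip == control_peer_ip and port > 1023


class FtpNatHelper:
    """Minimal model of the FTP-aware part of a NAT (hypothetical, not ipnat).

    When the inside server answers PASV with its private address, the helper
    rewrites the reply to the NAT's public address, allocates one public
    port, and remembers public->private so the inbound data connection can
    be redirected. Only that one port is mapped, and it is released on use.
    """

    def __init__(self, external_ip, first_port=50000):
        self.external_ip = external_ip
        self._next_port = first_port
        self.mappings = {}  # (ext_ip, ext_port) -> (int_ip, int_port)

    def rewrite_pasv_reply(self, reply):
        int_ip, int_port = parse_hostport(reply)
        ext_port = self._next_port
        self._next_port += 1
        self.mappings[(self.external_ip, ext_port)] = (int_ip, int_port)
        return "227 Entering Passive Mode (%s)" % format_hostport(self.external_ip, ext_port)

    def redirect_data_connection(self, dst_ip, dst_port):
        """Translate an inbound data-connection destination, one use only."""
        return self.mappings.pop((dst_ip, dst_port), None)


def demo():
    """Walk through the scenario from the mail with constructed addresses."""
    inside_reply = "227 Entering Passive Mode (192,168,0,2,19,137)"   # inside ftpd
    helper = FtpNatHelper("203.0.113.10")                            # NAT box
    fixed = helper.rewrite_pasv_reply(inside_reply)
    return {
        "raw_pasv_problem": pasv_reply_problem(inside_reply),
        "rewritten_pasv": fixed,
        "rewritten_ok": pasv_reply_problem(fixed) is None,
        "data_conn_target": helper.redirect_data_connection("203.0.113.10", 50000),
        # outside client behind a firewall announces its inside address
        "port_inside_addr": server_accepts_port("PORT 10,0,0,5,19,138", "198.51.100.7"),
        "port_matching_addr": server_accepts_port("PORT 198,51,100,7,19,138", "198.51.100.7"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print("%-20s %s" % (k, v))
```

Running it shows the raw PASV reply flagged as unroutable, the rewritten reply pointing at the NAT's public address with a single mapped port, and the inside-address PORT command refused while the matching one is accepted. The one-port, one-use mapping is the part worth copying: an FTP helper that opens anything wider than the port the server actually announced turns the NAT into a general port opener.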