Date:      Mon, 17 Jan 2000 11:33:35 -0500
From:      Ben WIlliams <williamsl@Home.Com>
To:        FreeBSD-Questions <FreeBSD-Questions@freebsd.org>
Cc:        "Christian Taylor" <phazer@ns.sympatico.ca>
Subject:   Re[2]: Private network + IP-Filter + IP-NAT + internal ftpd
Message-ID:  <5481.000117@Home.Com>
In-Reply-To: <NDBBLMNOHKHIPCJHGCKJOEAJCDAA.phazer@ns.sympatico.ca>
References:  <NDBBLMNOHKHIPCJHGCKJOEAJCDAA.phazer@ns.sympatico.ca>

Christian,                                          Monday, January 17, 2000
   Thanks for the quick info on ICQ! I'll be looking into that when I get
time. (hehe..yeah..then!) Unfortunately that's a side issue right now with
the NAT'ed ftpd being my primary concern. Any other takers?

Monday, January 17, 2000, 8:14:36 AM, you wrote:

CT> For ICQ, simply install the socks5 port, and tell ICQ you're using a socks5
CT> firewall, pointing it to the address of your NAT box.  I do this, and it
CT> works perfectly for me.

CT>  -Christian

>> -----Original Message-----
>> From: owner-freebsd-questions@FreeBSD.ORG
>> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Ben WIlliams
>> Sent: Monday, January 17, 2000 7:11 AM
>> To: FreeBSD questions
>> Subject: Private network + IP-Filter + IP-NAT + internal ftpd
>>
>>
>>                                                Monday, January 17, 2000
>>    As the subject suggests I am connected to the internet from a private
>> network (192.168.0.0 address space) through a FreeBSD 3.2-RELEASE box with
>> two NICs (one for the inside, one for the out) which is running ipf
>> ( IP-Filter http://coombs.anu.edu.au/~avalon/ip-filter.html ) and ipnat to
>> get me out. What I want to do now is set up an ftp server on one of my
>> internal boxes to be reachable by someone else on the net behind an unknown
>> firewall.
>>     I am on the @Home network and as such I cannot run daemons on their
>> standard < 1023 ports due to some questionable network policies decreed by
>> @Home so I have to redirect some_high_port on the external interface to my
>> ftp port in the internal machine to get connections to the server.
>>     This works well for someone NOT behind a firewall using active ftp
>> sessions. Passive ftp sessions break possibly due to the fact that ipnat
>> doesn't know it's dealing with an ftp connection and libalias can't take the
>> appropriate steps to ensure the FTP connection goes through.
>>     This does not work at all for someone behind a firewall because the PORT
>> command chokes with a "530 Only client IP..", PASV breaks because you can't
>> route 192.168.0.0 on the net and if I tell the server to issue the outside
>> address for PASV it fails as well because my NAT box doesn't know it's
>> speaking FTP.
>>
>>    I need to know how to either hack libalias to acknowledge FTP connections
>> on a non-standard port, how to set up ipf/ipnat rules to enable either active
>> or passive FTP connections on a non-standard port or any other way I could
>> get this setup working without putting the outside port number down where it
>> belongs.
>>
>>     I have already perused the list archives and I haven't found much helpful
>> info for getting back in on redirected (non-standard) ports for FTP.
>>
>> TIA,
>> --
>>  Ben                                      mailto:williamsl@Home.Com
>>
>> PS -- If anyone has any pointers on getting ICQ to do direct connections
>>       (chat, file x-fer, etc) in the same configuration
>>       ( myhost <-> NAT <-> 'net <-> firewall <-> otherhost )
>>       I would appreciate any info you can give me!
>>
>>
>>
>>
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe freebsd-questions" in the body of the message
>>






--
 Ben                                      mailto:williamsl@Home.Com
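
The PASV failure described in the quoted question, as an added example that is not part of the original message: the server's 227 reply carries its private address inside the payload, so a plain port redirect passes it through unchanged and only an FTP-aware NAT rewrites it. The addresses, the port and all function names are constructed for illustration; this models the idea and is not ipnat or libalias code.

```python
import re

# Six-number h1,h2,h3,h4,p1,p2 tuple shared by "PORT ..." and "227 ... (...)".
TUPLE = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

# Constructed sample value: a documentation-range (TEST-NET-3) address standing
# in for the NAT box's outside interface.
OUTSIDE_IP = "203.0.113.7"


def parse_endpoint(line):
    """Return (ip, port) announced by a PORT command or 227 reply, else None."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = TUPLE.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def is_private(ip):
    """True for RFC 1918 addresses, which are not routable on the internet."""
    a, b = (int(x) for x in ip.split(".")[:2])
    return a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)


def nat_forward(line, ftp_aware):
    """Model the NAT box relaying one server-to-client control line outward."""
    ep = parse_endpoint(line)
    if ep is None or not ftp_aware or not is_private(ep[0]):
        return line  # a plain redirect never looks inside the payload
    port = ep[1]  # a real NAT would also install a data-port mapping here
    tup = "%s,%d,%d" % (OUTSIDE_IP.replace(".", ","), port >> 8, port & 0xFF)
    return TUPLE.sub(tup, line, count=1)


if __name__ == "__main__":
    reply = "227 Entering Passive Mode (192,168,0,10,195,80)"  # constructed
    for aware in (False, True):
        sent = nat_forward(reply, aware)
        ip, port = parse_endpoint(sent)
        print("ftp_aware=%s -> client dials %s:%d (private=%s)" % (aware, ip, port, is_private(ip)))
```
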







