From: "Darryl Hoar"
Subject: RE: IPFILTER & FTP
Date: Mon, 3 Jun 2002 14:29:32 -0500
Delivered-To: freebsd-questions@freebsd.org
Message-ID: <005501c20b34$fd329230$0701a8c0@darryl>
In-Reply-To: <20020531215818.B36456@prioris.mini.pw.edu.pl>

>From: Grzegorz Czaplinski [mailto:gregory@prioris.mini.pw.edu.pl]
>In /etc/ipnat.rules you should have an entry:
>map fxp0 192.168.1.0/24 -> external/32 proxy port ftp ftp/tcp
>
>Where fxp0 is your external interface, 192.168.1.0/24 local network,
>and external is external interface.
>
>Put this rule before those two:
>map fxp0 192.168.1.0/24 -> external/32 portmap tcp/udp 20000:30000
>map fxp0 192.168.1.0/24 -> external/32
>
>That should help. Have fun.
>Regards,
> gregory
>
>On Fri, May 31, 2002 at 01:55:33PM -0500, Darryl Hoar wrote:
>> Greetings,
>> I have a 4.5 box setup running IPFilter. It is the firewall to my LAN, and
>> also does NAT.
>>
>> The problem I have is when I try to ftp to a server, it logs me in OK to the
>> ftp> prompt.
>> When I do an ls, it
>> 220 Entering Passive Mode (my private ip 192.168.1,101)
>> and just hangs.
>>
>> Do I need to add a rule in my IPFilters on my firewall to allow my computer
>> to ftp
>> another computer (on the internet)?
>>
>> Any ideas?
>>
>> thanks,
>> Darryl

Well, I checked my ipf.rules file and my outbound and inbound have
keep state.

I have tried putting:
map xl0 0/0 -> 0/32 proxy port 21 ftp/tcp
in my ipnat.rules file. When I do this, I can ftp passive into a
machine when logged into my firewall. From any other machine on my
network, no joy.

If I replace that with:
map xl0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
I can't ftp even from the firewall.

I have double checked my ipf.rules and they look right.

What am I missing here?

thanks for any ideas,
Darryl
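The ordering advice quoted in this message (ftp proxy rule before the portmap and plain map rules) can be checked mechanically, because ipnat applies the first map rule that matches. The following is an added example, not part of the original thread: the function names are hypothetical, the sample rule sets are constructed from the rules quoted above, and the parser assumes only the `map` rule shapes that appear in the thread.

```python
import ipaddress
import re

# Handles only the `map` rule shapes quoted in the thread:
#   map <if> <src> -> <dst> [proxy port <port> ftp/tcp | portmap ...]
MAP_RE = re.compile(r"^map\s+(\S+)\s+(\S+)\s+->\s+\S+\s*(.*)$")

def to_network(spec):
    """Turn a source such as 0/0 or 192.168.1.0/24 into an ipaddress network."""
    addr, _, bits = spec.partition("/")
    addr = "0.0.0.0" if addr == "0" else addr   # assumption: bare 0 means 0.0.0.0
    return ipaddress.ip_network(addr + "/" + (bits or "32"), strict=False)

def parse_map_rules(text):
    """Return a list of (line_number, interface, source_network, is_ftp_proxy)."""
    rules = []
    for number, raw in enumerate(text.splitlines(), 1):
        match = MAP_RE.match(raw.split("#", 1)[0].strip())
        if match:
            iface, src, rest = match.groups()
            is_proxy = re.match(r"proxy\s+port\s+\S+\s+ftp/tcp", rest) is not None
            rules.append((number, iface, to_network(src), is_proxy))
    return rules

def shadowed_ftp_proxies(text):
    """Return (proxy_line, earlier_line) pairs: an earlier non-proxy map rule on
    the same interface already covers part of the proxy rule's source range."""
    rules = parse_map_rules(text)
    findings = []
    for index, (number, iface, src, is_proxy) in enumerate(rules):
        earlier = [n for n, i, s, p in rules[:index]
                   if not p and i == iface and s.overlaps(src)]
        if is_proxy and earlier:
            findings.append((number, earlier[0]))
    return findings

# Constructed samples built from the rules quoted in the thread.
WRONG_ORDER = """\
map fxp0 192.168.1.0/24 -> external/32 portmap tcp/udp 20000:30000
map fxp0 192.168.1.0/24 -> external/32
map fxp0 192.168.1.0/24 -> external/32 proxy port ftp ftp/tcp
"""
RIGHT_ORDER = """\
map fxp0 192.168.1.0/24 -> external/32 proxy port ftp ftp/tcp
map fxp0 192.168.1.0/24 -> external/32 portmap tcp/udp 20000:30000
map fxp0 192.168.1.0/24 -> external/32
"""

if __name__ == "__main__":
    print("wrong order:", shadowed_ftp_proxies(WRONG_ORDER))
    print("right order:", shadowed_ftp_proxies(RIGHT_ORDER))
```

An empty result only says the ordering is as advised; it does not check ipf.rules or anything else that could block the data connection.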