Date:      Mon, 24 Jan 2005 08:55:54 +0100
From:      dick hoogendijk <dick@nagual.st>
To:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   ipf ipnat ftp question
Message-ID:  <20050124075554.GA1535@nagual.st>

I want ftp services to and from the internet for my gateway and my lan
machines. I read the handbook but still have some questions. As I
understand I have to put two lines into my ipf.rules when I use the IPNAT
built-in ftp proxy.

#pass out quick on rl0 proto tcp from any to any port = 21 flags S keep state
# Allow in non-secure FTP ( both passive & active modes)
#pass in quick on rl0 proto tcp from any to any port = 21 flags S keep state

But I don't understand the proxy rules ;-( !!
What happens with the /29 thing? ??? Why isn't it /24 ??

Please give me some hints on this.

########################
### ip.nat.rules
#######################

# This rule will handle all the traffic for the internal LAN:
# map rl0 192.168.11.0/29 -> 0/32 proxy port 21 ftp/tcp

# This rule handles the FTP traffic from the gateway.
# map rl0 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp

# This rule handles all non-FTP traffic from the internal LAN.
# map rl0 192.168.11.0/29 -> 0/32
# Only one filter rule is needed for FTP if the NAT FTP proxy is used.

-- 
dick -- http://www.nagual.st/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 4.10 ++ Debian GNU/Linux (Woody)
+ Nai tiruvantel ar vayuvantel i Valar tielyanna nu vilya
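
Added example, not part of the original message or the handbook: a simplified Python model of the three `map` rules quoted above, showing which source addresses 192.168.11.0/29 covers compared with /24, and which rule a given LAN host and destination port would hit. It assumes top-down, first-match evaluation and parses only the rule forms shown; the sample host addresses are constructed.

```python
import ipaddress

# The three map rules from the message, uncommented, in the order posted.
RULES_TEXT = """\
map rl0 192.168.11.0/29 -> 0/32 proxy port 21 ftp/tcp
map rl0 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp
map rl0 192.168.11.0/29 -> 0/32
"""

def parse_map_rule(line):
    """Parse 'map IF SRC -> DST [proxy port N NAME/PROTO]' (only this subset)."""
    tok = line.split()
    if len(tok) not in (5, 9) or tok[0] != "map" or tok[3] != "->":
        raise ValueError(f"unsupported rule: {line!r}")
    port = None
    if len(tok) == 9:
        if tok[5:7] != ["proxy", "port"]:
            raise ValueError(f"unsupported rule: {line!r}")
        port = int(tok[7])
    # strict=True rejects a source with host bits set, e.g. 192.168.11.5/29
    return {"src": ipaddress.ip_network(tok[2], strict=True), "proxy_port": port}

def parse_rules(text):
    return [parse_map_rule(l) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]

def match_index(rules, src_ip, dst_port):
    """Index of the first rule matching this source and destination port, else None.
    Assumption of this model: rules are tried top-down and the first match wins."""
    addr = ipaddress.ip_address(src_ip)
    for i, rule in enumerate(rules):
        if addr in rule["src"] and rule["proxy_port"] in (None, dst_port):
            return i
    return None

def address_range(cidr):
    """(first address, last address, total addresses) of a CIDR block."""
    net = ipaddress.ip_network(cidr)
    return str(net[0]), str(net[-1]), net.num_addresses

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    print("/29:", address_range("192.168.11.0/29"))
    print("/24:", address_range("192.168.11.0/24"))
    # Constructed sample hosts: .5 is inside the /29, .20 is only inside the /24.
    for host in ("192.168.11.5", "192.168.11.20"):
        for port in (21, 80):
            print(host, "port", port, "-> rule", match_index(rules, host, port))
```

In this model a host at 192.168.11.20 matches only the 0.0.0.0/0 FTP proxy rule and no rule at all for non-FTP traffic, because the /29 source stops at 192.168.11.7.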