From owner-freebsd-questions Mon Feb 17 21: 8:47 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AC8C237B405 for ; Mon, 17 Feb 2003 21:08:45 -0800 (PST) Received: from madscience.volumen.net (hickey52.micro-mania.net [208.32.118.52]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8824143F85 for ; Mon, 17 Feb 2003 21:08:43 -0800 (PST) (envelope-from shane@howsyournetwork.com) Received: from daneel.volumen.net (daneel.volumen.net [10.252.238.73]) by madscience.volumen.net (8.11.6/8.11.6) with ESMTP id h1I58fk02633 for ; Mon, 17 Feb 2003 22:08:41 -0700 Subject: ipf ftp proxy problem? From: Shane Hickey To: freebsd-questions@freebsd.org Content-Type: text/plain Organization: How's your network? Message-Id: <1045544921.28324.10.camel@daneel> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.1- Date: 17 Feb 2003 22:08:41 -0700 Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Howdy all, I have a freebsd firewall and I want to be able to do make both passive and active ftp client connections from my inside network to the outside world. I'm using ipf and ipnat compiled into the kernel. I followed the IPF HOWTOs that I've read and I'm hitting a brick wall. My outside interface is dc0 and let's say my outside IP is 1.1.1.1. I've tried both of the following rules in my /etc/ipnat.rules file with no success. map dc0 0/0 -> 1.1.1.1/32 proxy port 21 ftp/tcp map dc0 0/0 -> 0/32 proxy port ftp ftp/tcp When I say no success, I mean that I am able to establish a remote ftp connection, but when I do a 'ls' I get a 425 Can't build data connection: No route to host I'm sure I'm doing something foolish, so any advice would be greatly appreciated. Oh yeah, I'm running FreeBSD5.0-release and IPF version 3.4.29. Thanks in advance for any help. -- Shane Hickey : Network/System Consultant GPG KeyID: 777CBF3F Key fingerprint: 254F B2AC 9939 C715 278C DA95 4109 9F69 777C BF3F Listening to: MC5 - 12 I Can Only Give you Everyth To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message