Date:      Tue, 18 Feb 2003 09:52:14 +0100
From:      Kjell Midtseter <junkmail@sensewave.com>
To:        Shane Hickey <shane@howsyournetwork.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ipf ftp proxy problem?
Message-ID:  <20030218085214.GA236@tina.la3sg.net>
In-Reply-To: <1045544921.28324.10.camel@daneel>
References:  <1045544921.28324.10.camel@daneel>

On Monday, 17 February 2003 at 22:08:41 -0700, Shane Hickey wrote:
> Howdy all,
> 	I have a freebsd firewall and I want to be able to make both passive
> and active ftp client connections from my inside network to the outside
> world.  I'm using ipf and ipnat compiled into the kernel.  I followed
> the IPF HOWTOs that I've read and I'm hitting a brick wall.
> 	My outside interface is dc0 and let's say my outside IP is 1.1.1.1. 
> I've tried both of the following rules in my /etc/ipnat.rules file with
> no success.
> 
> map dc0 0/0 -> 1.1.1.1/32 proxy port 21 ftp/tcp
> map dc0 0/0 -> 0/32 proxy port ftp ftp/tcp
> 
> 	When I say no success, I mean that I am able to establish a remote ftp
> connection, but when I do a 'ls' I get a
> 
> 425 Can't build data connection: No route to host
> 
> I'm sure I'm doing something foolish, so any advice would be greatly
> appreciated.  Oh yeah, I'm running FreeBSD5.0-release and IPF version
> 3.4.29.
>
My ipf.rules for passive FTP contains:

pass in quick on rl0 proto tcp from any to any port = 21 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port > 1023 flags S keep state

And ipnat.rules:

map rl0 192.168.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp

Kjell

> Thanks in advance for any help.
> 
> --
> Shane Hickey : Network/System Consultant
> GPG KeyID: 777CBF3F
> Key fingerprint: 254F B2AC 9939 C715 278C DA95 4109 9F69 777C BF3F
> Listening to: MC5 - 12 I Can Only Give you Everyth
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
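
Added example, not part of the original thread and not IPFilter's own code: a Python sketch of the rewrite a NAT FTP proxy has to perform on an active-mode PORT command, since without it the server is told to connect back to an inside address it cannot reach. The inside client 192.168.1.10, both port numbers and the address check are assumptions of this sketch; 1.1.1.1 is the outside IP from the question.

```python
import re

# RFC 959: "PORT h1,h2,h3,h4,p1,p2" carries an IPv4 address and a 16-bit port as six bytes.
PORT_RE = re.compile(rb"PORT " + rb",".join([rb"(\d{1,3})"] * 6) + rb"\r\n")

def parse_port(line: bytes):
    """Return (ip, port) from a PORT command, or None if it is not well formed."""
    m = PORT_RE.fullmatch(line)
    if not m:
        return None
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        return None
    return ".".join(map(str, octets[:4])), octets[4] * 256 + octets[5]

def build_port(ip: str, port: int) -> bytes:
    """Encode ip:port back into a PORT command line."""
    fields = ip.split(".") + [str(port >> 8), str(port & 0xFF)]
    return b"PORT " + ",".join(fields).encode() + b"\r\n"

def rewrite_port(line: bytes, client_ip: str, public_ip: str, mapped_port: int):
    """Rewrite an outbound PORT command for NAT.

    Returns (new_line, length_delta, expected_flow), or None if the line is left alone.
    Assumption of this sketch: a PORT naming any address other than the control
    connection's client is not rewritten, so a client cannot aim the data
    connection (and the temporary firewall opening) at a third host.
    """
    parsed = parse_port(line)
    if parsed is None or parsed[0] != client_ip:
        return None
    inside_ip, inside_port = parsed
    new_line = build_port(public_ip, mapped_port)
    # The server will connect to public_ip:mapped_port; that one flow must be
    # allowed in and translated back to the inside client's address and port.
    flow = {"outside": (public_ip, mapped_port), "inside": (inside_ip, inside_port)}
    # A non-zero delta changes the payload length, so later sequence/ack numbers
    # on the control connection have to be offset by it.
    return new_line, len(new_line) - len(line), flow

# Constructed sample: inside client 192.168.1.10 listening on port 50000.
SAMPLE = b"PORT 192,168,1,10,195,80\r\n"

if __name__ == "__main__":
    print(rewrite_port(SAMPLE, "192.168.1.10", "1.1.1.1", 40000))
```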
