Date: Tue, 18 Feb 2003 09:52:14 +0100
From: Kjell Midtseter
To: Shane Hickey
Cc: freebsd-questions@freebsd.org
Subject: Re: ipf ftp proxy problem?

On Monday, 17 February 2003 at 22:08:41 -0700, Shane Hickey wrote:
> Howdy all,
> I have a freebsd firewall and I want to be able to make both passive
> and active ftp client connections from my inside network to the outside
> world. I'm using ipf and ipnat compiled into the kernel. I followed
> the IPF HOWTOs that I've read and I'm hitting a brick wall.
> My outside interface is dc0 and let's say my outside IP is 1.1.1.1.
> I've tried both of the following rules in my /etc/ipnat.rules file with
> no success.
>
> map dc0 0/0 -> 1.1.1.1/32 proxy port 21 ftp/tcp
> map dc0 0/0 -> 0/32 proxy port ftp ftp/tcp
>
> When I say no success, I mean that I am able to establish a remote ftp
> connection, but when I do a 'ls' I get a
>
> 425 Can't build data connection: No route to host
>
> I'm sure I'm doing something foolish, so any advice would be greatly
> appreciated. Oh yeah, I'm running FreeBSD5.0-release and IPF version
> 3.4.29.
>

My ipf.rules for passive FTP contains:

    pass in quick on rl0 proto tcp from any to any port = 21 flags S keep state keep frags
    pass in quick on rl0 proto tcp from any to any port > 1023 flags S keep state

And ipnat.rules:

    map rl0 192.168.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp

Kjell

> Thanks in advance for any help.
>
> --
> Shane Hickey : Network/System Consultant
> GPG KeyID: 777CBF3F
> Key fingerprint: 254F B2AC 9939 C715 278C DA95 4109 9F69 777C BF3F
> Listening to: MC5 - 12 I Can Only Give you Everyth
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message