Date: Thu, 11 Oct 2001 12:50:59 -0700 (PDT)
From: Jerry Murdock
Subject: Re: Jail vs Active FTP
To: Attila Nagy
Cc: freebsd-security@freebsd.org
Message-ID: <20011011195059.81764.qmail@web14606.mail.yahoo.com>
In-Reply-To: <20011011210142.G32220-100000@scribble.fsn.hu>

--- Attila Nagy wrote:
> Hello,
>
> > When initiating an FTP transfer using "ftp" inside the jail, I get an
> > "500 Invalid Port Command" error. Should I be able to initiate an
> > active FTP session from inside a jail?
> I often run jails with 127/8 IPs or private (non-routable intranet)
> addresses.
> The easiest solution is to put IPF into the kernel and use its built-in
> FTP proxy.
>

Thanks for the tip.

I already had "MAP map tun0 0.0.0.0/0 -> 0/32 proxy port ftp ftp/tcp" in the IPNAT rules, which I thought would be enough. I went back and added an explicit "MAP map tun0 jail.ad.dr.ess/32 -> 0/32 proxy port ftp ftp/tcp" which fixed it up.

I should have thought of it myself.

Jerry
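An added example, not part of the original message: a sketch of what a NAT FTP proxy does to the PORT command in the control stream, and why an active-mode session from a jail on a 127/8 or private address can be refused without it. The addresses are constructed samples, and the server-side check (PORT address must match the control connection's source) is an assumed anti-bounce policy, not something stated in the thread.

```python
import ipaddress
import re

# RFC 959: "PORT h1,h2,h3,h4,p1,p2" carries the client's address and
# data port as six decimal bytes inside the control-channel payload.
PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})\r?\n?$")

def parse_port(line):
    """Return (ip_string, port) from a PORT command, or None if malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def server_accepts(line, peer_ip):
    """Assumed server policy: the PORT address must equal the source
    address of the control connection, and the port must be >= 1024."""
    parsed = parse_port(line)
    if parsed is None:
        return False
    ip, port = parsed
    return ip == str(ipaddress.IPv4Address(peer_ip)) and port >= 1024

def proxy_rewrite(line, inside_ip, outside_ip):
    """Rewrite the address in PORT from the inside (jail) address to the
    translated one. Commands from other sources are left untouched, which
    mirrors a map rule that matches only a specific source. The port is
    kept as-is here; a real proxy may also remap it."""
    parsed = parse_port(line)
    if parsed is None or parsed[0] != str(ipaddress.IPv4Address(inside_ip)):
        return line
    port = parsed[1]
    fields = outside_ip.split(".") + [str(port >> 8), str(port & 0xFF)]
    return "PORT " + ",".join(fields) + "\r\n"

# Constructed sample values (hypothetical jail and NAT addresses).
JAIL_IP = "127.0.0.2"
NAT_IP = "192.0.2.10"
CLIENT_PORT_CMD = "PORT 127,0,0,2,195,80\r\n"  # data port 195*256+80

if __name__ == "__main__":
    print("unmodified accepted:", server_accepts(CLIENT_PORT_CMD, NAT_IP))
    fixed = proxy_rewrite(CLIENT_PORT_CMD, JAIL_IP, NAT_IP)
    print("rewritten:", fixed.strip(), "accepted:", server_accepts(fixed, NAT_IP))
```
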