Date: Tue, 25 May 1999 16:35:33 -0500 From: =?iso-8859-1?Q?Alejandro_Ram=EDrez?= <ales@megared.net.mx> To: "Ed Keith" <edk@kew.com> Cc: "freebsd-questions" <freebsd-questions@FreeBSD.ORG> Subject: RE: which ftp proxy? Message-ID: <009801bea6f6$85912480$f9a3f9cf@megared.net.mx> References: <37488BDD.DDB88F1D@kew.com> <01f701bea602$067c2fe0$f9a3f9cf@megared.net.mx> <374A270C.E7FF8E42@kew.com> <014801bea6bf$fb8033c0$f9a3f9cf@megared.net.mx> <374AF773.68CC17E3@kew.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi,
You should try to enable natd, it will do what you want, and its better
than having a proxy server, anyway in one case or another, you will be
routing packets fron one interface to another, you can´t avoid that,
enabling natd its very simple, just set these lines in the /etc/rc.conf
file:
gateway_enable="YES" # Set to YES if this host will be a gateway.
natd_enable="YES" # Enable natd (if firewall_enable == YES).
natd_interface="fxp0" # Public interface to use with natd (it´s
your outside interface).
natd_flags="" # Additional flags for natd (see
"man natd").
Ales
----- Original Message -----
From: Ed Keith <edk@kew.com>
To: Alejandro Ramírez <ales@megared.net.mx>
Cc: freebsd-questions <freebsd-questions@FreeBSD.ORG>
Sent: Tuesday, May 25, 1999 2:18 PM
Subject: Re: which ftp proxy?
> No packets get through the firewall. The firewall system is dual homed. No
> packets are routed between the two addresses. (The internal network is
> 192.168.19.x, so it would be very bad if packets were routed.)
> If I want to ftp out I need to log onto the firewall machine and ftp from
there
> then ftp again (using an ftp server on the firewall that only connects to
the
> inside network) from the firewall to my desktop.
>
> -EdK
>
> Alejandro Ramírez wrote:
>
> > Hi,
> >
> > If you are behind a firewall, and the ports:
> >
> > ftp-data 20/tcp #File Transfer [Default Data]
> > ftp-data 20/udp #File Transfer [Default Data]
> > ftp 21/tcp #File Transfer [Control]
> > ftp 21/udp #File Transfer [Control]
> >
> > aren´t specifically blocked out by your system administrator (that i
don´t
> > think they are), you must use the "passive" mode in ftp transfers, the
> > "passive" mode must be used always that you are behind a firewall, this
is a
> > rule to have a good ftp session, if your system administrator did
> > specifically blocked out this ports, you may ask him to unblock them out
(in
> > /etc/rc.firewall), since this is simpler than to install a proxy server.
And
> > if you want to have more security in your network, and you have already
> > configured ipfw, then you may try to enable "natd" (network address
> > translation), it will let you have private ip addresses in your network
and
> > go outside with a public address for all of your machines (instead of
> > installing a proxy server) but you still will have to use the "passive"
mode
> > in ftp transfers.
> >
> > Ales
> >
> > ----- Original Message -----
> > From: Ed Keith <edk@kew.com>
> > To: Alejandro Ramírez <ales@megared.net.mx>
> > Cc: freebsd-questions <freebsd-questions@FreeBSD.ORG>
> > Sent: Monday, May 24, 1999 11:29 PM
> > Subject: Re: which ftp proxy?
> >
> > > I don't think that will help since all packets are blocked by the
> > firewall.
> > > I think I need to use a proxy server. But I don't know which one would
be
> > > best for my needs. (very small network, light volume, newbe site
admin.,
> > > paranoid domain administrator who may want me to justify why I picked
the
> > one
> > > decide to use.)
> > >
> > > -EdK
> > >
> > >
> > > Alejandro Ramírez wrote:
> > >
> > > > Hi,
> > > >
> > > > Try the "passive" option in the ftp program.
> > > >
> > > > Ales
> > > >
> > > > ----- Original Message -----
> > > > From: Ed Keith <edk@kew.com>
> > > > To: freebsd-questions <freebsd-questions@FreeBSD.ORG>
> > > > Sent: Sunday, May 23, 1999 6:14 PM
> > > > Subject: which ftp proxy?
> > > >
> > > > > I'm running FreeBSD 2.28 and ipfw. I want to install an ftp proxy
so I
> > > > > can connect to ftp sites from behind the firewall. What is
> > recommended?
> > > > >
> > > > > Thanks in advance,
> > > > > -EdK
> > > > >
> > > > >
> > > > >
> > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > > with "unsubscribe freebsd-questions" in the body of the message
> > > >
> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > with "unsubscribe freebsd-questions" in the body of the message
> > >
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?009801bea6f6$85912480$f9a3f9cf>