Date:      Mon, 31 Jan 2005 15:52:08 -0600
From:      "Andras Kende" <andras@kende.com>
To:        "'eric wyzerski'" <ericwyzerski@hotmail.com>, <freebsd-questions@freebsd.org>
Subject:   RE: Ftp behind firewall/nat
Message-ID:  <20050131215159.18FA043D3F@mx1.FreeBSD.org>
In-Reply-To: <BAY103-F180A299CFDBA6B09CAF140C07C0@phx.gbl>



-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org] On Behalf Of eric wyzerski
Sent: Monday, January 31, 2005 2:11 PM
To: freebsd-questions@freebsd.org
Subject: Ftp behind firewall/nat

Hi,

For a whole day I have tried to get an FTP server that is behind the firewall
to work, but I'm not able to. My ipf rules are:

pass in quick from any to any
pass out quick from any to any

So it is not an ipf problem. My ipnat rules are:

map rl0 10.0.0.0/8 -> 0/32

rdr rl0 X.X.X.X/32 port 21 -> 10.1.1.6 port 21 tcp

where X.X.X.X is my external IP, rl0 my external interface and 10.1.1.6 the 
FTP server. I am able to log in, but when I run the dir command it freezes. I 
have run tcpdump and I see the SYN packet go out, but it never gets an answer. I 
really need help/advice.
Thank you, and please CC me the answer because I'm not on the list.
Eric





Hello,

This setup only works with active FTP connections.
It's freezing at the dir command because it's trying to do a passive connection.

You would need to set up the FTP server to serve passive connections and
ipnat to redirect a range of ports.

Something like:

PassivePortRange 5000 5010    - ftpd config


rdr rl0 X.X.X.X/32 port 5000 -> 10.1.1.6 port 5000 tcp
rdr rl0 X.X.X.X/32 port 5001 -> 10.1.1.6 port 5001 tcp
rdr rl0 X.X.X.X/32 port 500x -> 10.1.1.6 port 500x tcp

Or use only active FTP connections.

Andras Kende
http://www.kende.com




