Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 27 Dec 2001 19:06:01 -0300 (ART)
From:      Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
To:        Darryl Hoar <darryl@osborne-ind.com>
Cc:        <freebsd-questions@FreeBSD.ORG>
Subject:   Re: ftp & FreeBSD firewall
Message-ID:  <20011227190259.S79964-100000@cactus.fi.uba.ar>
In-Reply-To: <000001c18f1f$8fa66750$0701a8c0@darryl>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 27 Dec 2001, Darryl Hoar wrote:

> Greetings,
> I built a Freebsd firewall according to the instructions at
> http://www.schlacter.net:8500/public/FreeBSD-STABLE_and_IPFILTER.html
>
> The firewall/router is working fine.
>
> My network consists mostly of Windows PC's.  Since I've put the firewall
> in place, they have been unable to use ftp to retrieve files from the web.
> I have tried cuteftp, ws_ftp and microsofts ftp clients on these windows
> machines.  I have set them up to use passive , but the firewall settings
> in these clients don't make sense.
>
> What do I need to do to safely let my Windows users use ftp to retrieve/put
> files on the internet ?

If you are using ipf, you can use ipnat's built in ftp proxy. Just add a
line

map xl0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp

to the top of your ipnat.rules file (change xl0 to match your external
interface).

and then reload the nat rules:

# ipnat -FC -f /etc/ipnat.rules




				Fer


>
> I can't update all the pc's to FreeBSD, at least not yet.
>
> thanks for ideas,
>
> Darryl
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011227190259.S79964-100000>