From owner-freebsd-questions@FreeBSD.ORG  Tue Feb  1 09:16:55 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D4E7A16A4CE
	for <freebsd-questions@freebsd.org>;
	Tue,  1 Feb 2005 09:16:55 +0000 (GMT)
Received: from top.daemonsecurity.com (FW-182-254.go.retevision.es
	[62.174.254.182])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 53A3043D45
	for <freebsd-questions@freebsd.org>;
	Tue,  1 Feb 2005 09:16:55 +0000 (GMT)
	(envelope-from norgaard@locolomo.org)
Received: from [IPv6???1] (localhost.daemonsecurity.com [127.0.0.1])
	by top.daemonsecurity.com (Postfix) with ESMTP id B93A0FD01F;
	Tue,  1 Feb 2005 10:16:53 +0100 (CET)
Message-ID: <41FF48FF.4010801@locolomo.org>
Date: Tue, 01 Feb 2005 10:16:47 +0100
From: Erik Norgaard <norgaard@locolomo.org>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20050127
X-Accept-Language: en, en-us, da, it, es
MIME-Version: 1.0
To: eric wyzerski <ericwyzerski@hotmail.com>
References: <BAY103-F14B8FED09595470529EB46C07C0@phx.gbl>
In-Reply-To: <BAY103-F14B8FED09595470529EB46C07C0@phx.gbl>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-questions@freebsd.org
Subject: Re: Ftp behind firewall/nat
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Feb 2005 09:16:56 -0000

eric wyzerski wrote:
> My setup work wells with Active ftp but not with passive ftp. Your setup 
> doestnt work with passive ftp. From ipfilter faq:
> # I have an FTP server behind an IPF firewall, and I'm having problems 
> serving passive FTP.

Sorry, from your original post it was not clear to me if your problem 
was ftp-client behind nat or ftp-server behind nat. The solution I gave 
solve the ftp-client behind nat problem, both active and passive ftp.

The IPF howto also notes that setting up an ftp server behind a NAT is a 
mess and one should _not_ try to reverse the setup for ftp-client behind 
nat. I don't have the solution for server behind nat.

> passive ports 0.0.0.0/0 32768 49151
>    passive address your.pub.IP.addr 0.0.0.0/0

I don't know what is standard or if there is one, but IANA has assigned 
ports > 49151 for dynamic port allocation, which seems to suggest that 
the ports chosen should be in that interval.

Cheers, Erik

-- 
Ph: +34.666334818                           web: http://www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID:  A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2