Date:      Mon, 8 Feb 2010 14:16:36 -0800
From:      Freddie Cash <fjwcash@gmail.com>
To:        net@freebsd.org
Subject:   Re: IPFW firewall NAT, port address translation, and "active" FTP
Message-ID:  <b269bc571002081416u584d77e9iff97db7910b22953@mail.gmail.com>
In-Reply-To: <201002082209.PAA28420@lariat.net>
References:  <201002082209.PAA28420@lariat.net>

On Mon, Feb 8, 2010 at 2:09 PM, Brett Glass <brett@lariat.net> wrote:

> Everyone:
>
> I've just attempted to build a router using FreeBSD 8.0 with IPFW's
> firewall NAT. I've included the following NAT parameters:
>
> ipfw nat 123 config if xl0 log redirect_port tcp 10.0.1.99:21 21
> redirect_port tcp 10.0.1.99:20 20
>
> Note that, among other things, incoming FTP is redirected to the host at
> 10.0.1.99 inside the firewall.
>
> The problem we're having is that users are having trouble reaching the FTP
> server with some clients -- in particular, Microsoft Internet Exploder. (I
> don't WANT them to be using IE, but I do not have control over this.) Does
> anyone know if I need to set anything special to make the firewall track FTP
> data ports?

Point them at the "Use passive FTP" setting in IE.  :)  It's listed on the
Advanced tab under Internet Options (IE 6 through 8).

Or, use an FTP proxy.  Not sure if IPFW has one built in, as I've never
tried to use one ("either configure the client for PASV, or no connection"
is our policy for FTP), but PF includes ftp-proxy.
-- 
Freddie Cash
fjwcash@gmail.com


