Date: Wed, 7 Nov 2001 03:14:03 -0800
From: "Crist J. Clark" <cristjc@earthlink.net>
To: Adriaan de Groot <adridg@cs.kun.nl>
Cc: rene@xs4all.nl, questions@FreeBSD.ORG
Subject: Re: FTP through ipnat + ipf?
Message-ID: <20011107031402.E307@blossom.cjclark.org>
In-Reply-To: <Pine.GSO.4.33.0111071144150.9474-100000@odin.cs.kun.nl>; from adridg@cs.kun.nl on Wed, Nov 07, 2001 at 11:53:04AM +0100
References: <20011107113915.A17081@xs4all.nl> <Pine.GSO.4.33.0111071144150.9474-100000@odin.cs.kun.nl>

On Wed, Nov 07, 2001 at 11:53:04AM +0100, Adriaan de Groot wrote:
> On Wed, 7 Nov 2001 rene@xs4all.nl wrote:
> > Now I'd like the windows box to be able to use FTP to the outside
> > world as well as HTTP. All my FTP-sessions from windows fail with:
> >
> > C:\>ftp ftp.home.vim.org
> <snip>
> > ftp> ls
> > 200 PORT command successful.
> >
> > --and after this I get no more data whatsoever. I know this is a sort-of
> > gotcha, but forgot how to fix it...

[snip]

> 2) Use an ftp proxy on the firewall, which handles both command and data
> connections.
>
> 3) Use stateful packet filtering, which knows about the ftp data
> connection.
>
> Approach 1 is simple to use, but you do have to remember to switch the ftp
> session to passive. 2 and 3 are slightly harder to set up, and I can't find
> a reference right now.

Well, the original poster was using ipf(8)/ipnat(8) which has an FTP
proxy built in. Put a rule like,

  map <if> <internal_net> -> 0/32 proxy port ftp ftp/tcp

In your ipnat(5) rules.

> I was going to suggest reading the ipchains HOWTO
> for Linux, but http://www.rustcorp.com/linux/ipchains/HOWTO.html seems to
> have been taken over by teenage sluts ...

Why would one suggest an ipchains how-to for someone running
ipf(8)/ipnat(8) on FreeBSD on a FreeBSD mail list?
-- 
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
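
An added example, not part of the original message: the FTP proxy rule in context in an ipnat(5) rule file. The interface name fxp0, the network 192.168.1.0/24 and the port range are assumptions chosen for illustration; ipnat(5) writes the proxy clause as "proxy port <port> <proxy>/<protocol>".

```conf
# ipnat rules for a NAT gateway with active-mode FTP clients behind it.
# Assumed values (not from the original message):
#   fxp0            external interface
#   192.168.1.0/24  internal network
#   40000:60000     source-port range used for translated connections

# 1. FTP proxy. It watches the control connection to port 21, rewrites
#    the private address in the client's PORT command to the gateway's
#    external address, and creates a temporary mapping for the server's
#    inbound data connection. No standing inbound rule is needed.
#    This rule must come before the other map rules for the same
#    interface and network, because the first matching rule is used.
map fxp0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp

# 2. Remaining TCP and UDP traffic, with source ports remapped into a
#    fixed range.
map fxp0 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000

# 3. Everything else (ICMP and other protocols) with address-only
#    translation.
map fxp0 192.168.1.0/24 -> 0/32
```

After loading the file with "ipnat -CF -f <rules file>", "ipnat -l" lists the loaded rules and the active sessions, so the proxy rule's position and the FTP control session can be checked while the client runs "ls".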