Date: Thu, 28 Feb 2002 06:20:20 +1100
From: BSD Freak <bsd-freak@mbox.com.au>
To: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject: FTP Madness
Message-ID: <190f3ff190c3bf.190c3bf190f3ff@mbox.com.au>
Hiya all..

Here's my situation. I am running an FTP/Web server behind a NAT gateway (running ipf). The FTP server needs to accept both passive and active FTP clients.

I have found active FTP (and web) clients work with the following ipnat.rules:

    map fxp1 192.16.0.0/16 -> 0/32 proxy port 21 ftp/tcp
    map fxp1 192.16.0.0/16 -> 1.2.3.4/32 portmap tcp/udp 10000:60000
    map fxp1 192.16.0.0/16 -> 1.2.3.4/32
    rdr fxp1 1.2.3.4/32 port 80 -> 192.16.0.3 port 80
    rdr fxp1 1.2.3.4/32 port 21 -> 192.16.0.3 port 21

However to accept passive FTP clients I need to have something like this:

    map fxp1 192.16.0.0/16 -> 0/32 proxy port 21 ftp/tcp
    map fxp1 192.16.0.0/16 -> 1.2.3.4/32 portmap tcp/udp 10000:60000
    map fxp1 192.16.0.0/16 -> 1.2.3.4/32
    rdr fxp1 1.2.3.4/32 port 80 -> 192.16.0.3 port 80
    rdr fxp1 1.2.3.4/32 port 21 -> 192.16.0.3 port 21
    # This part allows passive FTP
    rdr fxp1 1.2.3.4/32 port 49152 -> 192.16.0.3 port 49152
    rdr fxp1 1.2.3.4/32 port 49153 -> 192.16.0.3 port 49153
    rdr fxp1 1.2.3.4/32 port 49154 -> 192.16.0.3 port 49154
    rdr fxp1 1.2.3.4/32 port 49155 -> 192.16.0.3 port 49155
    rdr fxp1 1.2.3.4/32 port 49156 -> 192.16.0.3 port 49156
    rdr fxp1 1.2.3.4/32 port 49157 -> 192.16.0.3 port 49157
    rdr fxp1 1.2.3.4/32 port 49158 -> 192.16.0.3 port 49158
    rdr fxp1 1.2.3.4/32 port 49159 -> 192.16.0.3 port 49159
    rdr fxp1 1.2.3.4/32 port 49160 -> 192.16.0.3 port 49160
    rdr fxp1 1.2.3.4/32 port 49161 -> 192.16.0.3 port 49161
    rdr fxp1 1.2.3.4/32 port 49162 -> 192.16.0.3 port 49162
    rdr fxp1 1.2.3.4/32 port 49163 -> 192.16.0.3 port 49163
    rdr fxp1 1.2.3.4/32 port 49164 -> 192.16.0.3 port 49164
    ....
    ....
    ....
    rdr fxp1 1.2.3.4/32 port 65535 -> 192.16.0.3 port 65535

Surely there must be an easier way to accept passive FTP without having 16383 ipnat rules! I think it's possible to limit the ports that ftpd uses but there was nothing about this in the man page.

Also I tried:

    rdr fxp1 1.2.3.4/32 port 49152 >< 65535 -> 192.16.0.3 port 49152 >< 65535

but that didn't work. "port 49152 >< 65535" works with ipf block or allow rules but doesn't seem to work with ipnat rdr rules.......

Any help would be greatly appreciated......
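As an added example (not from the original post or from the FreeBSD project), a small Python checker that parses ipnat rdr rules and reports which public ports on 1.2.3.4 actually reach the inside host 192.16.0.3, so a port-range rule can be audited for gaps or unintended exposure before it is loaded. It assumes the ipnat(5) range form `port lo-hi -> host port lo`, where the inside port is the start of an equal-sized range; the sample rule set is constructed from the post's rules plus one such ranged line.

```python
"""Audit ipnat rdr rules: which public ports are forwarded to which inside host."""
import re

# Constructed sample: the poster's fixed rules plus one ranged rdr line.
# The `port lo-hi -> host port lo` range form is assumed from ipnat(5).
SAMPLE_RULES = """\
map fxp1 192.16.0.0/16 -> 0/32 proxy port 21 ftp/tcp
map fxp1 192.16.0.0/16 -> 1.2.3.4/32 portmap tcp/udp 10000:60000
map fxp1 192.16.0.0/16 -> 1.2.3.4/32
rdr fxp1 1.2.3.4/32 port 80 -> 192.16.0.3 port 80
rdr fxp1 1.2.3.4/32 port 21 -> 192.16.0.3 port 21
# passive data ports as one range instead of one rdr rule per port
rdr fxp1 1.2.3.4/32 port 49152-65535 -> 192.16.0.3 port 49152 tcp
"""

RDR = re.compile(
    r"^rdr\s+(?P<ifname>\S+)\s+(?P<pub>\S+)\s+port\s+(?P<lo>\d+)(?:-(?P<hi>\d+))?"
    r"\s+->\s+(?P<dst>\S+)\s+port\s+(?P<dlo>\d+)(?:\s+(?P<proto>\S+))?\s*$"
)

def parse_rdr(text):
    """Return {(public_ip, proto): {public_port: (inside_ip, inside_port)}}."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("rdr"):
            continue  # map rules and comments do not expose inside hosts
        m = RDR.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unparsed rdr rule: {line!r}")
        lo, hi, dlo = int(m["lo"]), int(m["hi"] or m["lo"]), int(m["dlo"])
        if not (0 < lo <= hi <= 65535 and dlo + (hi - lo) <= 65535):
            raise ValueError(f"line {lineno}: bad port range {lo}-{hi}")
        dest = table.setdefault((m["pub"], m["proto"] or "(default)"), {})
        for off, port in enumerate(range(lo, hi + 1)):
            dest[port] = (m["dst"], dlo + off)  # inside range starts at dlo
    return table

def exposed_ports(table, inside_ip):
    """All public (ip, proto, port) tuples that reach inside_ip."""
    return sorted((ip, proto, p) for (ip, proto), m in table.items()
                  for p, (dst, _) in m.items() if dst == inside_ip)

def missing_in_range(table, pub_ip, lo, hi, inside_ip):
    """Ports in [lo, hi] on pub_ip that do NOT reach inside_ip (any proto)."""
    reach = {p for (ip, _), m in table.items() if ip == pub_ip
             for p, (dst, _) in m.items() if dst == inside_ip}
    return [p for p in range(lo, hi + 1) if p not in reach]
```

Running `missing_in_range(parse_rdr(SAMPLE_RULES), "1.2.3.4/32", 49152, 65535, "192.16.0.3")` on the sample returns an empty list, while `exposed_ports` lists every public port the inside host is reachable on, which is the figure worth reviewing before widening a redirect range.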