Date:      Thu, 18 Jan 2001 16:06:53 -0500
From:      "Matthew Emmerton" <matt@gsicomp.on.ca>
To:        "MuratBSD" <muratbsd@softhome.net>
Cc:        "Freebsd-Questions" <freebsd-questions@FreeBSD.ORG>
Subject:   Re: ftp apps and nat
Message-ID:  <010101c08192$95c46ba0$1200a8c0@gsicomp.on.ca>
References:  <NEBBKCBJALGONAJFPFDJAEFACEAA.muratbsd@softhome.net> <3A66E459.8020003@planetwe.com>


I don't think you've got your port ranges specified properly.  (You
shouldn't use two dashes in a range.  I believe natd will just take the last
range specified, which would have been 21-23, meaning that your ftp (21), ssh
(22) and telnet (23) would have been redirected, but ftp-data (20) would
not.)

Try this instead:

redirect_port tcp 10.100.100.1:20-21 20-21
redirect_port tcp 10.100.100.1:23 23

--
Matt Emmerton

> At worst you may need to type passive at the prompt after you log in,
> before you run any commands. But I'm no firewall guru, and someone else
> might spot a fix somewhere for your rules.
>
> MuratBSD wrote:
>
> > Hi
> >
> > I implemented a NATdaemon and firewall (IPFW) with a FreeBSD 4.2 stable and
> > I didn't have any successful operation with ftp client, my firewall and nat
> > options are below. I can logon to ftp server but my commands are not working
> >
> > Please help me
> >
> > // NAT options //
> >
> > unregistered_only
> > alias_address 195.155.33.55
> > log
> > redirect_port tcp 10.100.100.1:20-21-23 20-21-23
> > dynamic
> > same_ports
> >
> > //------------//
> >
> >
> >
> > // Firewall rules //
> >
> > 00020 1849175 1088830170 divert 8668 ip from any to any via fxp1
> > 00030    5584     609962 allow ip from any to any via lo0
> > 00040 3453531 2146965479 allow tcp from any to any established
> > 00060       0          0 deny ip from any to 127.0.0.0/8
> > 00200   39614    1880048 allow tcp from any to any 80 setup
> > 00201       0          0 allow tcp from any 80 to any
> > 00202       8        480 allow tcp from any to any 80
> > 00250       2         80 allow tcp from any 21 to any
> > 00255     665      31580 allow tcp from any to any 21
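
A pre-flight check for the range syntax discussed in this thread, added here as an example and not part of any message in it. It assumes the single-target form documented in natd(8), `redirect_port proto targetIP:targetPORT[-targetPORT] [aliasIP:]aliasPORT[-aliasPORT]`, with target and alias ranges of equal size; the function names are hypothetical.

```python
import re

# One port or one LOW-HIGH range: at most one dash (per natd(8) syntax).
PORT_SPEC = re.compile(r"(\d+)(?:-(\d+))?")

def parse_ports(spec):
    """Return (low, high) for 'N' or 'N-M'; raise ValueError otherwise."""
    m = PORT_SPEC.fullmatch(spec)
    if not m:
        raise ValueError(f"bad port spec {spec!r}: expected PORT or LOW-HIGH")
    low = int(m.group(1))
    high = int(m.group(2) or m.group(1))
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"port spec {spec!r} out of order or out of range")
    return low, high

def lint_redirect_port(line):
    """Return a list of problems found in one redirect_port line."""
    fields = line.split()
    if len(fields) < 4 or fields[0] != "redirect_port":
        return ["not a redirect_port line with proto, target and alias"]
    problems = []
    if fields[1] not in ("tcp", "udp"):
        problems.append(f"unknown proto {fields[1]!r}")
    target, alias = fields[2], fields[3]
    if ":" not in target:
        return problems + ["target must be targetIP:targetPORT"]
    spans = []
    for name, spec in (("target", target.rsplit(":", 1)[1]),
                       ("alias", alias.rsplit(":", 1)[-1])):
        try:
            spans.append(parse_ports(spec))
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
    if len(spans) == 2 and spans[0][1] - spans[0][0] != spans[1][1] - spans[1][0]:
        problems.append("target and alias ranges differ in size")
    return problems

# Lines from the thread: the original option, then the suggested replacement.
SAMPLES = [
    "redirect_port tcp 10.100.100.1:20-21-23 20-21-23",
    "redirect_port tcp 10.100.100.1:20-21 20-21",
    "redirect_port tcp 10.100.100.1:23 23",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", lint_redirect_port(s) or "ok")
```

Running a check like this over natd.conf before restarting natd surfaces a malformed range up front, so which ports are actually exposed does not depend on how the daemon handles input it was not designed for.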