Date:      Fri, 18 Oct 2002 13:24:47 +0300
From:      Artem Okounev <aokounev@yahoo.com>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: natd not allowing incoming ftp connections, but web is okay
Message-ID:  <7282201860.20021018132447@yahoo.com>
In-Reply-To: <20021017223647.2551651e.chip@wiegand.org>
References:  <20021017223647.2551651e.chip@wiegand.org>


Hello Chip,

Friday, October 18, 2002, 8:36:47 AM, you wrote:


CW> I have a server set up to run both web server and ftp
CW> server. The web server is working great, internet
CW> connects to it just fine. The ftpd server is running, it
CW> works great on the intranet, but from the internet
CW> connections are not allowed - according to wsftp the
CW> message is connection refused
<skip>
CW> My natd.conf looks like this -
CW> use sockets yes
CW> port 8668
CW> alias address xx.xx.xx.xxx
CW> log
CW> unregistered only
CW> redirect_port tcp 192.168.1.14:20-21 20-21
CW> redirect_port tcp 192.168.1.14:80 80

CW> I don't understand why the port 80 line works and the
CW> port 20-21 line does not.

That is because of the nature of the FTP protocol. FTP uses
two separate TCP connections: one for commands (port 21) and
another one for data (port 20). What goes on when a client
tries to establish an FTP session?

1. The client allocates two ports for itself (both above 1023).
2. It uses the first port to connect to the server's port 21.
3. Using this established session the client issues the PORT
directive to the server to tell the server the port number for
the data transfer.
4. The server initiates a connection from its port 20 to the
client's second opened port.

So if the client uses active mode FTP you should not mention
port 20 in the "redirect_port" directive (the data channel will
be aliased according to the "alias address" directive):

redirect_port tcp 192.168.1.14:21 21

If the client uses passive mode FTP then you should probably
use two directives:

redirect_port tcp 192.168.1.14:21 21
redirect_port tcp 192.168.1.14:49152-65535 49152-65535



CW> Even though it says log, there is no log file being
CW> written to, all log items show on the local display, I
CW> don't know why.

CW> Any ideas what to check?
Does /var/log/alias.log exist and have the correct permissions?
You may also try to log events via syslog using the
"log_facility" directive.

--
Best regards,
 Artem                            mailto:aokounev@yahoo.com
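An added example (not code from the thread above) that works through the active/passive distinction the reply explains: it decodes the h1,h2,h3,h4,p1,p2 form carried by the client's PORT command and the server's 227 passive reply, reports which side opens the data channel, and derives the natd redirect_port lines the reply recommends. The sample control-channel lines, the function names and the 49152-65535 passive range default are constructed for this example.

```python
import re

# Constructed sample control-channel lines (not taken from the original thread).
ACTIVE_PORT_CMD = "PORT 203,0,113,7,195,80"                     # client -> server
PASV_REPLY = "227 Entering Passive Mode (192,168,1,14,200,10)"  # server -> client

def decode_hostport(fields):
    """Decode the h1,h2,h3,h4,p1,p2 form that PORT and the 227 reply use."""
    nums = [int(x) for x in fields.split(",")]
    if len(nums) != 6 or any(not 0 <= n <= 255 for n in nums):
        raise ValueError("malformed h1,h2,h3,h4,p1,p2 field")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_connection(line):
    """Work out which side opens the data channel a control line announces.
    Returns (mode, initiator, host, port), or None for lines that set up none."""
    m = re.fullmatch(r"PORT\s+([\d,]+)\s*", line, re.IGNORECASE)
    if m:                      # active mode: server connects out from its port 20
        host, port = decode_hostport(m.group(1))
        return ("active", "server", host, port)
    m = re.match(r"227\b.*\(([\d,]+)\)", line)
    if m:                      # passive mode: client connects in to the advertised port
        host, port = decode_hostport(m.group(1))
        return ("passive", "client", host, port)
    return None

def natd_redirects(mode, internal_ip, pasv_range=(49152, 65535)):
    """redirect_port lines natd needs for an FTP server at internal_ip.
    Port 20 is never listed: in active mode the server opens that connection
    itself, and natd aliases it outbound under 'alias address'."""
    rules = [f"redirect_port tcp {internal_ip}:21 21"]
    if mode == "passive":
        lo, hi = pasv_range
        rules.append(f"redirect_port tcp {internal_ip}:{lo}-{hi} {lo}-{hi}")
    return rules

def data_channel_covered(conn, pasv_range=(49152, 65535)):
    """True if the rules from natd_redirects() let this data channel through."""
    mode, _initiator, _host, port = conn
    if mode == "active":
        return True            # outbound from the server; no inbound redirect needed
    return pasv_range[0] <= port <= pasv_range[1]

if __name__ == "__main__":
    for line in (ACTIVE_PORT_CMD, PASV_REPLY):
        conn = data_connection(line)
        print(line, "->", conn, "covered:", data_channel_covered(conn))
    print("\n".join(natd_redirects("passive", "192.168.1.14")))
```

The passive range must match what the FTP daemon actually advertises in its 227 replies; a port outside the redirected range is exactly the case where the control connection works but every data transfer fails.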

