Date: Fri, 20 Apr 2001 11:59:28 -0300 (ART)
From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
To: house@lvcm.com
Cc: freebsd-questions@FreeBSD.ORG
Subject: RE: IPFILTER or IPFW?
Message-ID: <Pine.BSF.4.21.0104201143530.56747-100000@cactus.fi.uba.ar>

Please wrap your lines at 70 chars.

On Fri, 20 Apr 2001, JannaDanRich wrote:

> I did read somewhere that ipnat could not read from drive when kern security
> level was set to 2 .. which is of course the level at which one might
> expect me to set my firewall box? (this, from the best that I could
> understand was "wouldn't allow me to change rules dynamically
> .. therefore I rebooted machine with pass out all / pass in
> all") IPNAT works fine, and gives me no worries, except for FTP .. I
> found no other info about this

In normal mode, the ftp server needs to make an incoming connection
to the client. If your clients are being NATed, the server sees the
connection coming from the NAT box, and tries to make the data
connection to that box. That's why ftp doesn't work behind a pure
NAT box.

To make it work, you need to enable ipnat's built-in ftp proxy. Just
add the following line at the top of your ipnat configuration file.

    map xl0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp

(Change the interface name and the internal network addr to match
yours)

For further info, read the HOWTO (http://www.obsfuscation.org/ipfilter)

			Fer
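
Added example, not part of the original message and not ipfilter's own code: a Python model of the control-channel work an FTP proxy on a NAT box does for active-mode FTP. In active mode the client sends a PORT command carrying its own address and port (RFC 959); the proxy rewrites it to the NAT box's public address and records where the server's data connection must be forwarded. The class and function names and the public address 203.0.113.5 are assumptions; the inside network is the one in the rule above.

```python
import ipaddress
import re

# RFC 959: PORT h1,h2,h3,h4,p1,p2 (four address octets, port high and low byte)
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?\n?$", re.I)

def parse_port(line):
    """Return (IPv4Address, port) for a well-formed PORT command, else None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ipaddress.IPv4Address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]

def format_port(ip, port):
    return "PORT {},{},{}\r\n".format(str(ip).replace(".", ","), port >> 8, port & 0xFF)

class FtpNatProxy:  # hypothetical name, models the proxy's bookkeeping only
    def __init__(self, public_ip, inside_net, first_port=40000):
        self.public_ip = ipaddress.IPv4Address(public_ip)
        self.inside_net = ipaddress.ip_network(inside_net)
        self.next_port = first_port
        self.bindings = {}  # public port -> (inside ip, inside port)

    def outbound(self, src_ip, line):
        """Rewrite one control-channel line from an inside client."""
        parsed = parse_port(line)
        if parsed is None:
            return line  # not a PORT command: pass through unchanged
        ip, port = parsed
        # Only map a PORT that names the sending client itself, on an
        # unprivileged port, so the proxy cannot be used to reach other hosts.
        if ip != ipaddress.IPv4Address(src_ip) or ip not in self.inside_net or port < 1024:
            raise ValueError("PORT does not name the sending client")
        public_port = self.next_port
        self.next_port += 1
        self.bindings[public_port] = (str(ip), port)
        return format_port(self.public_ip, public_port)

    def inbound_data(self, public_port):
        """Inside (ip, port) the server's data connection is forwarded to."""
        return self.bindings.get(public_port)

if __name__ == "__main__":
    proxy = FtpNatProxy("203.0.113.5", "192.168.0.0/24")  # constructed addresses
    print(repr(proxy.outbound("192.168.0.10", "PORT 192,168,0,10,19,137\r\n")))
    print(proxy.inbound_data(40000))
```

Without the rewrite, the server would be told to connect to 192.168.0.10, which it cannot route to from outside the NAT box.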