Date: Fri, 20 Apr 2001 09:46:41 -0700 From: "JannaDanRich" <house@lvcm.com> To: "Fernando Gleiser" <fgleiser@cactus.fi.uba.ar> Cc: <freebsd-questions@FreeBSD.ORG> Subject: Re: IPFILTER or IPFW? Message-ID: <059401c0c9b9$7d267920$1616160a@neoone> References: <Pine.BSF.4.21.0104201143530.56747-100000@cactus.fi.uba.ar>
next in thread | previous in thread | raw e-mail | index | archive | help
Thank You, RTFM I see .. thought I'd covered everything the first time thru sorry, and thanks again Rich ----- Original Message ----- From: "Fernando Gleiser" <fgleiser@cactus.fi.uba.ar> To: <house@lvcm.com> Cc: <freebsd-questions@FreeBSD.ORG> Sent: Friday, April 20, 2001 7:59 AM Subject: RE: IPFILTER or IPFW? > > Please wrap your lines at 70 chars. > > On Fri, 20 Apr 2001, JannaDanRich wrote: > > > I did read somewhere that ipnat could not read from drive when kern security > > level was set to 2 .. which is of course the level at which one might > > expect me to set my firewall box? (this, from the best that I could > > understand was "wouldn't allow me to change rules dynamically > > .. therefore I rebooted machine with pass out all / pass in > > all") IPNAT works fine, and gives me no worries, except for FTP .. I > > found no other info about this > > In normal mode, the ftp server needs to make an incomming connection to > the client. If your clients are been NATed, the server sees the connection > coming from the NAT box, and tries to make the data connection to that > box. Thats why ftp doesn't work behind a pure NAT box. > > > To make it work, you need to enable ipnat's built in ftp proxy. Just add > the following line at the top of your ipnat configuration file. > > map xl0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp > > (Change the interface name and the internal network addr to match yours) > > For further info, read the HOWTO (http://www.obsfuscation.org/ipfilter) > > > Fer > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?059401c0c9b9$7d267920$1616160a>