Date:      Mon, 17 Jan 2000 06:11:02 -0500
From:      Ben WIlliams <williamsl@Home.Com>
To:        FreeBSD questions <freebsd-questions@freebsd.org>
Subject:   Private network + IP-Filter + IP-NAT + internal ftpd
Message-ID:  <12257.000117@Home.Com>

Monday, January 17, 2000
   As the subject suggests I am connected to the internet from a private
network (192.168.0.0 address space) through a FreeBSD 3.2-RELEASE box with
two NICs (one for the inside, one for the out) which is running ipf
( IP-Filter http://coombs.anu.edu.au/~avalon/ip-filter.html ) and ipnat to
get me out. What I want to do now is set up an ftp server on one of my
internal boxes to be reachable by someone else on the net behind an unknown
firewall.
         I am on the @Home network and as such I cannot run daemons on their
standard < 1023 ports due to some questionable network policies decreed by
@Home so I have to redirect some_high_port on the external interface to my
ftp port in the internal machine to get connections to the server.
    This works well for someone NOT behind a firewall using active ftp
sessions. Passive ftp sessions break, possibly due to the fact that ipnat
doesn't know it's dealing with an ftp connection and libalias can't take the
appropriate steps to ensure the FTP connection goes through.
    This does not work at all for someone behind a firewall because the PORT
command chokes with a "530 Only client IP..", PASV breaks because you can't
route 192.168.0.0 on the net and if I tell the server to issue the outside
address for PASV it fails as well because my NAT box doesn't know it's
speaking FTP.

   I need to know how to either hack libalias to acknowledge FTP connections
on a non-standard port, how to set up ipf/ipnat rules to enable either active
or passive FTP connections on a non-standard port or any other way I could
get this setup working without putting the outside port number down where it
belongs.

    I have already perused the list archives and I haven't found much helpful
info for getting back in on redirected (non-standard) ports for FTP.

TIA,
--
 Ben                                      mailto:williamsl@Home.Com

PS -- If anyone has any pointers on getting ICQ to do direct connections
      (chat, file x-fer, etc) in the same configuration
      ( myhost <-> NAT <-> 'net <-> firewall <-> otherhost )
      I would appreciate any info you can give me!
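The PASV failure described in this post, as an added example that is not part of the original message or of ipnat/libalias: it parses the 227 reply an ftpd on the 192.168.0.0 LAN sends, shows that the advertised address is unroutable from the Internet, and performs the control-channel rewrite plus the temporary redirect that an FTP-aware NAT has to do for passive mode to work. The sample reply, the external address 24.1.2.3 and the reserved port 40000 are constructed values.

```python
import ipaddress
import re

# Constructed 227 reply as an ftpd on the private LAN emits it.  The
# advertised 192.168.0.2 is unroutable on the net, so a remote client's
# passive data connection can never arrive unless the NAT rewrites it.
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (192,168,0,2,39,16)"

PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Return (ip, port) advertised by a 227 reply; port is p1*256 + p2."""
    m = PASV_RE.match(reply)
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def is_reachable_from_internet(ip):
    """False for RFC 1918 space such as 192.168.0.0/16 and other non-global addresses."""
    return ipaddress.ip_address(ip).is_global


def rewrite_pasv(reply, external_ip, external_port):
    """Do what an FTP-aware NAT proxy does on the control channel.

    Replace the LAN address/port in the 227 reply with the NAT box's external
    address and a port it has reserved, and return the redirect
    (external_port -> internal ip:port) that must be installed before the
    remote client opens its data connection.  external_port stays above 1023
    so the rule fits the "no low ports" constraint described in the post.
    """
    if external_port < 1024:
        raise ValueError("external data port must be a high port")
    internal_ip, internal_port = parse_pasv(reply)
    ext_octets = str(ipaddress.ip_address(external_ip)).replace(".", ",")
    new_tuple = "(%s,%d,%d)" % (ext_octets, external_port // 256, external_port % 256)
    rewritten = reply[: reply.index("(")] + new_tuple + reply[reply.index(")") + 1 :]
    redirect = {
        "external_port": external_port,
        "internal_ip": internal_ip,
        "internal_port": internal_port,
        "proto": "tcp",
    }
    return rewritten, redirect


if __name__ == "__main__":
    ip, port = parse_pasv(SAMPLE_PASV_REPLY)
    print("server advertised %s:%d, reachable: %s" % (ip, port, is_reachable_from_internet(ip)))
    print(rewrite_pasv(SAMPLE_PASV_REPLY, "24.1.2.3", 40000))
```

The rewrite alone is not enough: without the returned redirect installed on the NAT box, the remote client's connection to 24.1.2.3:40000 is dropped, which is exactly the symptom seen when ipnat is not told the redirected port carries FTP.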