From owner-freebsd-questions Mon May 10 1:35:54 1999
Message-ID: <37369828.6350383E@telspace.alcatel.fr>
Date: Mon, 10 May 1999 10:26:16 +0200
From: Thierry Herbelot
Reply-To: thierry.herbelot@alcatel.fr
To: Brian Somers
Cc: thierry.herbelot@alcatel.fr, questions
Subject: Re: Passive FTP with natd ? (FIXED)
References: <199905071517.QAA00854@keep.lan.Awfulhak.org>

Hello,

My problem came from the interaction of a restrictive firewall (using
the "simple" template from rc.firewall) which denies socket setups
coming from the TCP port nr 20. (it was not possible to get an FTP
download from the Internet to the gateway either)

I've added an "add pass tcp from any to any 20 setup" rule in the
firewall ruleset (along with a deny setup from 20 to services running on
the gateway).

And now, everything's fine (I've finally downloaded RH 6.0).

In summary : natd does allow an incoming ftp data connection (and
translates the port command), but the connection was denied by the
firewall.

Thanks to all who answered

TfH

Brian Somers wrote:
>
> [.....]
> > Thus : is it possible to setup natd so as to modify FTP packets ?
> > (is there a specific rule to insert into rc.firewall ?)
> >
> > TIA
> >
> > TfH
> [.....]
>
> It already does - however, if you're not using the ftp port (21) to
> send the PORT command, libalias won't look for anything....
>
> Also, there was an egcs bug in libalias (fixed by Louqi) that stopped
> the PORT command detection stuff working, but you said you sup'd in the
> last week, so that shouldn't be the problem....
>
> --
> Brian
>
> Don't _EVER_ lose your sense of humour !
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
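The PORT translation discussed in this thread, sketched as an added example (not part of the original messages and not libalias code): it rewrites a PORT command only when it travels to port 21, and reports the inbound data connection from server port 20 that the packet filter then has to admit. The function names, `public_ip`, `alias_port` and the sample addresses are assumptions made for the illustration.

```python
import re

FTP_CONTROL_PORT = 21  # per the reply above: PORT is only looked for on the ftp port
SERVER_DATA_PORT = 20  # source port of the server's active-mode data connection

PORT_RE = re.compile(
    rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n",
    re.IGNORECASE,
)


def parse_port(payload):
    """Return (ip, port) announced by a PORT command, or None if it is not one."""
    m = PORT_RE.fullmatch(payload)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # each field is one octet
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def rewrite_port(payload, dst_port, public_ip, alias_port):
    """Translate an outgoing PORT command to the gateway's public address.

    Returns (payload, expected): expected describes the data connection the
    FTP server will open back, or is None when nothing was translated
    (not port 21, or not a well-formed PORT command).
    """
    inside = parse_port(payload) if dst_port == FTP_CONTROL_PORT else None
    if inside is None:
        return payload, None
    hi, lo = divmod(alias_port, 256)
    new = "PORT {},{},{}\r\n".format(public_ip.replace(".", ","), hi, lo)
    expected = {
        "src_port": SERVER_DATA_PORT,     # the server connects FROM port 20
        "dst": (public_ip, alias_port),   # what the firewall sees arriving
        "forward_to": inside,             # where the NAT hands it on
    }
    return new.encode("ascii"), expected


# Constructed sample: inside client 192.168.1.10 announces port 4*256+1 = 1025.
SAMPLE = b"PORT 192,168,1,10,4,1\r\n"

if __name__ == "__main__":
    print(rewrite_port(SAMPLE, 21, "203.0.113.5", 40000))
    print(rewrite_port(SAMPLE, 2121, "203.0.113.5", 40000))  # untouched
```

The rewritten command can differ in length from the original, so a real NAT also has to adjust TCP sequence numbers on that control connection; the sketch leaves that out.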