From owner-freebsd-questions Sun Aug 4 23: 8:22 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id B700537B400
    for ; Sun, 4 Aug 2002 23:07:48 -0700 (PDT)
Received: from services.webwarrior.net (overlord-host99.dsl.visi.com [209.98.86.99])
    by mx1.FreeBSD.org (Postfix) with ESMTP id B87C843E4A
    for ; Sun, 4 Aug 2002 23:07:47 -0700 (PDT)
    (envelope-from friar_josh@webwarrior.net)
Received: from twincat.vladsempire.net (12-218-27-215.client.mchsi.com [12.218.27.215])
    by services.webwarrior.net (Postfix) with ESMTP id 0CAA5838205;
    Mon, 5 Aug 2002 01:07:46 -0500 (CDT)
Date: Tue, 13 Nov 2001 07:54:42 +0000
From: Josh Paetzel
To: Thor Legvold
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw/natd & ftp
Message-ID: <20011113075441.A9434@twincat.vladsempire.net>
Mail-Followup-To: Thor Legvold , freebsd-questions@FreeBSD.ORG
References:
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="gBBFr7Ir9EOA20Yy"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from tlegvold@hotmail.com on Tue, Nov 13, 2001 at 09:07:40AM +0000
Lines: 61
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

--gBBFr7Ir9EOA20Yy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Tue, Nov 13, 2001 at 09:07:40AM +0000, Thor Legvold wrote:
> I've read through the docs, but haven't been able to solve this seemingly
> simple problem:
>
> FBSD 4.4-STABLE box as gateway to internet (running ipfw/natd), serving 3
> PC's, one running Win98SE, one running WinXP and one running NextStep 3.3
>
> From FBSD box I can ftp from command line and download via browser
> (Konqueror, Mozilla) without problem. From Win98SE/XP/NextStep I can browse
> (http), but cannot ftp. I've tried both from command line and from browser
> (and ftp app "Yftp" on Next). 98SE has IE 5.5, XP has 6.0, NS runs OmniWeb
> 2.2.
>
> I thought it was the problem I read about using "passive" transfers because
> of the firewall (I can log into the ftp server, but cannot dir/ls or get or
> anything else). However, when I open the firewall (add pass all from any to
> any), it still doesn't work. So I wonder if NAT might play a part in the
> problem, and wonder what I should try next.
>
> Regards,
> Thor

I am using a 4.4-STABLE machine running natd/ipfw as the gateway for 3
other FreeBSD machines. None of the machines have any problems accessing
ftp or any other service that I want them to for that matter. Perhaps if
you posted your ruleset it would be a bit easier to tell what's wrong.
Keep in mind that ftp really doesn't work if both the server and the
client are behind firewalls. ;)

I'll attach a copy of my ruleset so you can try it out or at least compare
it to what you have.

Josh

--gBBFr7Ir9EOA20Yy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=fwrules

# Start from an empty ruleset
/sbin/ipfw -f flush
# Pass everything crossing tun0 through natd for address translation
/sbin/ipfw add divert natd all from any to any via tun0
# Loopback and ed0 (presumably the inside LAN) are unrestricted
/sbin/ipfw add allow ip from any to any via lo0
/sbin/ipfw add allow ip from any to any via ed0
# Outbound TCP connection setup on tun0, plus packets of established connections
/sbin/ipfw add allow tcp from any to any out xmit tun0 setup
/sbin/ipfw add allow tcp from any to any via tun0 estab
# New connections to ssh (22) and http (80)
/sbin/ipfw add allow tcp from any to any 22 setup
/sbin/ipfw add allow tcp from any to any 80 setup
# UDP out of and in through tun0
/sbin/ipfw add allow udp from any to any out xmit tun0
/sbin/ipfw add allow udp from any to any in recv tun0
# ident (113); the posted rule had no interface after "xmit", tun0 is assumed
/sbin/ipfw add allow tcp from any to any 113 out xmit tun0
/sbin/ipfw add allow tcp from any to any 113 via tun0
# ICMP is allowed, everything else is denied
/sbin/ipfw add 65434 allow icmp from any to any
/sbin/ipfw add 65435 deny ip from any to any

--gBBFr7Ir9EOA20Yy--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
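
The symptom in the quoted question (login works, but dir/ls and get fail) concerns the FTP data connection, whose endpoint is sent as text inside the control channel. The Python sketch below is an added example, not part of the original message: it parses RFC 959 `PORT` commands and `227` replies and reports whether the transfer needs an inbound connection and whether an RFC 1918 address in the payload would have to be rewritten by the NAT. The function names and sample lines are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 (six decimal bytes).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_data_endpoint(line):
    """Return (mode, ip, port) for a PORT command or 227 reply, else None."""
    text = line.strip()
    if text.upper().startswith("PORT "):
        mode = "active"    # client listens, server connects in to it
    elif text.startswith("227 "):
        mode = "passive"   # server listens, client connects out to it
    else:
        return None
    m = _HOSTPORT.search(text[4:])
    if not m:
        raise ValueError("no host-port field in: " + text)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in: " + text)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return mode, ip, nums[4] * 256 + nums[5]

def assess(line):
    """Describe what a NAT gateway or firewall has to handle for this line."""
    parsed = parse_data_endpoint(line)
    if parsed is None:
        return None
    mode, ip, port = parsed
    return {
        "mode": mode, "ip": str(ip), "port": port,
        # A private address in the payload is unreachable from the far side
        # unless the NAT also rewrites the control-channel text.
        "needs_payload_rewrite": any(ip in net for net in RFC1918),
        # Active mode produces a new inbound SYN toward the advertised endpoint.
        "inbound_connection": mode == "active",
    }

# Constructed control-channel lines (not captured traffic).
SAMPLE = [
    "USER anonymous",
    "PORT 192,168,1,10,4,1",
    "227 Entering Passive Mode (203,0,113,5,195,80)",
]

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(sample_line, "->", assess(sample_line))
```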