Date:      Tue, 07 Dec 1999 09:24:04 -0800
From:      Chameleon <swen@wavefire.com>
To:        "Morten Seeberg" <morten@seeberg.dk>, <questions@freebsd.org>
Subject:   Re: NATD and REDIRECT_PORT problem
Message-ID:  <3.0.32.19991207092404.01743100@mail.wavefire.com>

At 04:38 PM 12/7/99 +0100, Morten Seeberg wrote:

>Hi, I have a BSD with a "real" IP. I want it to forward port 666 from the
>external IP to an Internal FTP server running on port 666 (running Windows
>Serv-U - I have no influence on this machine :) ) The BSD is not running
>IPFIREWALL, just natd.
>
>When configured as below, the only thing I can do, is connect to the FTP
>from machines with real IP addresses and not using passive FTP. This probably
>works, because the internal FTP can open data-ports with no restrictions to
>the machine on the Internet. But whenever a client behind a firewall some
>place tries, it won't work, because then the internal FTP isn't allowed to
>communicate on other ports to the client.
>This is where passive FTP comes into the picture as far as I understand,
>this means, that every port that needs to be opened to the FTP will be
>opened from the client.
>
>So, I ran a TCPDUMP on the BSD on the external interface, and tried to
>connect to the internal FTP using passive FTP, login and password no
>problems. Then I tried to do a LS, and thought this is where I'd probably see
>some new ports opening, but I didn't???
>
>So how is this done???
>
>The 3.3-RELEASE is configured with this:
>
>firewall_enable="YES"
>firewall_script="/etc/rc.firewall"
>firewall_type="open"
>natd_enable="YES"
>natd_flags="-f /etc/rc.natd"
>natd_interface="ed1"
>
>and rc.natd:
>
>use_sockets
>same_ports
>redirect_port tcp 192.168.2.101:666 666
>

In your rc.natd try:

redirect_port tcp internal_ip:666 external_ip:666

Windows 98: n.
        useless extension to a minor patch release for
        32-bit extensions and a graphical shell for a
        16-bit patch to an 8-bit operating system
        originally coded for a 4-bit microprocessor,
        written by a 2-bit company that can't stand for
        1 bit of competition.
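
The passive-mode data endpoint the question asks about is announced by the server in its 227 reply on the control connection. The following is an added example, not part of the original message or of natd: it decodes such a reply (RFC 959 format) and checks the advertised endpoint against the one redirected port. The reply lines are constructed samples, the function names are hypothetical, and it assumes the NAT box passes the reply to the client unmodified.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}(?:,\d{1,3}){5})\)")
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_pasv(line):
    """Return (ip_string, port) advertised in a 227 reply, else None."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    # The data port is sent as two bytes: high byte p1, low byte p2.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def check_data_channel(line, redirected_ports):
    """List reasons an outside client cannot open the advertised data port."""
    parsed = parse_pasv(line)
    if parsed is None:
        return None  # not a passive-mode reply
    ip, port = parsed
    problems = []
    if any(ipaddress.ip_address(ip) in net for net in RFC1918):
        problems.append("private address %s" % ip)
    if port not in redirected_ports:
        problems.append("port %d not redirected" % port)
    return problems

# Constructed control-channel lines (not captured from the poster's server).
SAMPLE = [
    "230 User logged in, proceed.",
    "227 Entering Passive Mode (192,168,2,101,4,10)",
    "227 Entering Passive Mode (203,0,113,5,2,154)",
]
REDIRECTED = {666}  # the only port named in the poster's rc.natd

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", check_data_channel(line, REDIRECTED))
```

An empty list means the advertised endpoint is both publicly addressed and covered by a redirect; anything else names what the outside client cannot reach.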

