Date:      Tue, 14 Feb 2006 15:05:56 +0100
From:      "Daniel A." <ldrada@gmail.com>
To:        fbsd_user@a1poweruser.com
Cc:        questions@freebsd.org
Subject:   Re: Cant login to FTP server.
Message-ID:  <5ceb5d550602140605y243d9fbdydb1a6300e509970b@mail.gmail.com>
In-Reply-To: <MIEPLLIBMLEEABPDBIEGGEDEHNAA.fbsd_user@a1poweruser.com>
References:  <5ceb5d550602140441o2ee7e458j689000550fb87198@mail.gmail.com> <MIEPLLIBMLEEABPDBIEGGEDEHNAA.fbsd_user@a1poweruser.com>

I have now changed my ipnat.rules to this:

_____SNIP_____
map rl0 192.168.0.0/16 -> 0.0.0.0/32 proxy port 21 ftp/tcp
map rl0 0/0 -> 0/32 proxy port 21 ftp/tcp
map rl0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 1025:65000
map rl0 192.168.0.0/16 -> 0.0.0.0/32
_____SNIP_____
And then I did "ipnat -FC -f /etc/ipnat.rules".

I still get the same error.

On 2/14/06, fbsd_user <fbsd_user@a1poweruser.com> wrote:
> Daniel
> You did not say where you were running ftp from,
> like from LAN box to gateway server, or
> from gateway box to public internet remote ftp site, or
> from public internet remote user to your gateway ftp server.
>
> I am guessing it's from gateway box to public internet remote ftp site.
> Your nat rules need to look like this example. You are missing the
> second rule.
>
> map dc0 10.0.10.0/29 -> 0/32 proxy port 21 ftp/tcp
> map dc0 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp
> map dc0 10.0.10.0/29 -> 0/32
>
> The first rule handles all FTP traffic for the private LAN.
> The second rule handles all FTP traffic from the gateway.
> The third rule handles all non-FTP traffic for the private LAN.
> All the non-FTP gateway traffic is using the public IP address by default,
> so there is no ipnat rule needed.
>
> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Daniel A.
> Sent: Tuesday, February 14, 2006 7:42 AM
> To: questions@freebsd.org
> Subject: Cant login to FTP server.
>
>
> Hi, I have some FTP login problems.
> I run FreeBSD 6.0-RELEASE, and I have ipf and ipnat enabled.
>
> _______SNIP_______
> Status: Connecting to dienub.org ...
> Status: Connected with dienub.org. Waiting for welcome message...
> Response:       220 m00h.dienub.org FTP server (Version 6.00LS) ready.
> Command:        USER **************
> Response:       331 Password required for alive.
> Command:        PASS **************
> Response:       230 User alive logged in.
> Command:        FEAT
> Response:       500 FEAT: command not understood.
> Command:        SYST
> Response:       215 UNIX Type: L8 Version: BSD-199506
> Status: Connected
> Status: Retrieving directory listing...
> Command:        PWD
> Response:       257 "/usr/home/alive" is current directory.
> Command:        TYPE A
> Response:       200 Type set to A.
> Command:        PASV
> Response:       227 Entering Passive Mode (87,49,144,133,237,45)
> Command:        LIST
> Error:  Transfer channel can't be opened. Reason: A connection attempt
> failed because the connected party did not properly respond after a
> period of time, or established connection failed because connected
> host has failed to respond.
> Error:  Could not retrieve directory listing
> Command:        TYPE A
> _______SNIP_______
>
>
> /etc/ipf.rules:
> _______SNIP_______
> # Let clients behind the firewall send out to the internet, and replies to
> # come back in by keeping state.
> pass out quick on rl0 proto tcp all keep state
> pass out quick on rl0 proto udp all keep state
> pass out quick on rl0 proto icmp all keep state
>
> # Since nothing should be coming from these address ranges, block them
> block in quick on rl0 from 192.168.0.0/16 to any
> block in quick on rl0 from 172.16.0.0/12 to any
> block in quick on rl0 from 10.0.0.0/8 to any
> block in quick on rl0 from 127.0.0.0/8 to any
> block in quick on rl0 from 192.0.2.0/24 to any
>
> # Let's let people access the services running behind this system
>
> # Let's let people access the services running on this system
> pass in quick on rl0 proto tcp from any to any port 30000 >< 50000 flags S keep state #PASV FTP
> pass in quick on rl0 proto tcp from any to any port = 21 #FTP
> pass in quick on rl0 proto tcp from any to any port = 22 #SSH
> pass in quick on rl0 proto tcp from any to any port = 80 #WWW
> pass in quick on rl0 proto tcp from any to any port = 113 #oidentd
>
>         # Steam Dedicated Server
> #pass in quick on rl0 proto udp from any to any port = 1200 # Friends network
> #pass in quick on rl0 proto udp from any to any port 26999 >< 27016 # Gameport
> #pass in quick on rl0 proto udp from any to any port = 27020
> #pass in quick on rl0 proto tcp from any to any port 27029 >< 27040
> #pass in quick on rl0 proto tcp from any to any port = 27015 # SRCDS Rcon
>
> # Block everything else
> block in quick on rl0 all
> _______SNIP_______
>
>
> /etc/ipnat.rules
> _______SNIP_______
> map rl0 192.168.0.0/16 -> 0.0.0.0/32 proxy port ftp ftp/tcp
> map rl0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 1025:65000
> map rl0 192.168.0.0/16 -> 0.0.0.0/32
> _______SNIP_______
>
>
> Might the problem be anywhere else besides my ipf and ipnat configs?
> Could it be the remote client that's the problem?
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>
>



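An added check, not part of the thread and not code from either poster: the `227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)` reply in the quoted client log encodes the data port as p1*256 + p2, and the posted ipf.rules only passes inbound SYNs in a `30000 >< 50000` window before the final `block in quick`. The script below decodes the 227 line, extracts the port window from the ipf rule and reports whether the PASV data connection would be allowed. Inputs are copied from the log and rules quoted above; it assumes the client reached dienub.org at 87.49.144.133, the address the 227 reply carries (the log does not show the resolved address), and that ipf's `><` operator is an exclusive range as documented in ipf(5).

```python
import re

# Constructed sample inputs, copied from the client log and /etc/ipf.rules
# quoted in this thread.
PASV_RESPONSE = "227 Entering Passive Mode (87,49,144,133,237,45)"
IPF_PASV_RULE = ("pass in quick on rl0 proto tcp from any to any "
                 "port 30000 >< 50000 flags S keep state #PASV FTP")
# Assumption: the client's control connection went to this address.
CONTROL_PEER_IP = "87.49.144.133"

PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# ipf(5) port-range operators: "a >< b" matches ports strictly between a and b,
# "a <> b" matches ports outside that range.
RANGE_RE = re.compile(r"\bport\s+(\d+)\s+(><|<>)\s+(\d+)")


def parse_pasv(line):
    """Return (host, port) advertised by a 227 reply; port is p1*256 + p2."""
    m = PASV_RE.search(line)
    if not m:
        raise ValueError("not a 227 Passive Mode reply: %r" % line)
    fields = [int(x) for x in m.groups()]
    if any(not 0 <= x <= 255 for x in fields):
        raise ValueError("227 field out of 0..255 range: %r" % line)
    h1, h2, h3, h4, p1, p2 = fields
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def parse_ipf_port_range(rule):
    """Return (low, high, inside) for an ipf rule using a >< or <> port range."""
    m = RANGE_RE.search(rule)
    if not m:
        raise ValueError("no >< or <> port range in rule: %r" % rule)
    low, op, high = int(m.group(1)), m.group(2), int(m.group(3))
    return low, high, op == "><"


def rule_passes_port(rule, port):
    """True if the rule's port range admits the given destination port."""
    low, high, inside = parse_ipf_port_range(rule)
    between = low < port < high          # exclusive on both ends
    return between if inside else not between


def check_passive_transfer(pasv_line, ipf_rule, control_peer_ip):
    """Return (host, port, problems): why the PASV data channel would fail."""
    host, port = parse_pasv(pasv_line)
    problems = []
    if host != control_peer_ip:
        # A NAT box that does not rewrite the 227 payload leaves a private or
        # stale address here and the client connects to the wrong host.
        problems.append("227 advertises %s but the control connection is to %s"
                        % (host, control_peer_ip))
    if not rule_passes_port(ipf_rule, port):
        low, high, _ = parse_ipf_port_range(ipf_rule)
        problems.append("data port %d is outside the ipf window %d >< %d, "
                        "so the data SYN falls through to 'block in quick'"
                        % (port, low, high))
    return host, port, problems


if __name__ == "__main__":
    host, port, problems = check_passive_transfer(
        PASV_RESPONSE, IPF_PASV_RULE, CONTROL_PEER_IP)
    print("server offered data channel %s:%d" % (host, port))
    for p in problems or ["no problem found with this rule"]:
        print(" -", p)
```

For the quoted log the script computes 237*256 + 45 = 60717, which is not inside 30000 >< 50000. FreeBSD's ftpd(8) selects passive data ports from the kernel's high port range (sysctl net.inet.ip.portrange.hifirst and hilast, 49152 to 65535 by default), so a PASV pass rule has to cover that range, or the server has to be confined to the range the firewall opens, for the LIST data connection to get past the final block rule.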
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5ceb5d550602140605y243d9fbdydb1a6300e509970b>