Date: Mon, 3 Jun 2002 14:29:32 -0500
From: "Darryl Hoar" <darryl@osborne-ind.com>
To: <freebsd-questions@freebsd.org>
Subject: RE: IPFILTER & FTP
Message-ID: <005501c20b34$fd329230$0701a8c0@darryl>
In-Reply-To: <20020531215818.B36456@prioris.mini.pw.edu.pl>
<snip>
>From: Grzegorz Czaplinski [mailto:gregory@prioris.mini.pw.edu.pl]
>In /etc/ipnat.rules you should have an entry:
>map fxp0 192.168.1.0/24 -> external/32 proxy port ftp ftp/tcp
>
>Where fxp0 is your external interface, 192.168.1.0/24 local network,
>and external is external interface.
>
>Put this rule before those two:
>map fxp0 192.168.1.0/24 -> external/32 portmap tcp/udp 20000:30000
>map fxp0 192.168.1.0/24 -> external/32
>
>That should help. Have fun.
>Regards,
> gregory
>
>On Fri, May 31, 2002 at 01:55:33PM -0500, Darryl Hoar wrote:
>> Greetings,
>> I have a 4.5 box setup running IPFilter. It is the firewall to my LAN, and
>> also does NAT.
>>
>> The problem I have is when I try to ftp to a server, it logs me in OK to the
>> ftp> prompt.
>> When I do an ls, it
>> 220 Entering Passive Mode (my private ip 192.168.1,101)
>> and just hangs.
>>
>> Do I need to add a rule in my IPFilters on my firewall to allow my computer
>> to ftp
>> another computer (on the internet)?
>>
>> Any ideas?
>>
>> thanks,
>> Darryl
<snip>

Well, I checked my ipf.rules file and my outbound and inbound have
keep state.

I have tried putting:
map xl0 0/0 -> 0/32 proxy port 21 ftp/tcp
in my ipnat.rules file. When I do this, I can ftp passive into a machine
when logged into my firewall. From any other machine on my network, no joy.

If I replace that with:
map xl0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
I can't ftp even from the firewall.

I have double checked my ipf.rules and they look right.

What am I missing here?

thanks for any ideas,
Darryl
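An added example, not part of the thread: a small Python check that an ipnat.rules file follows the ordering advice quoted above, with the ftp proxy map rule placed before the portmap and plain map rules on the same interface. The sample rule files are constructed, the function names are hypothetical, and the check compares rules per interface only, not per source network.

```python
import re

# Constructed samples using the rule forms quoted in the thread.
SAMPLE_BAD = """\
# proxy rule placed after the general maps
map xl0 192.168.1.0/24 -> 0/32 portmap tcp/udp 20000:30000
map xl0 192.168.1.0/24 -> 0/32
map xl0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
"""
SAMPLE_GOOD = """\
map xl0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map xl0 192.168.1.0/24 -> 0/32 portmap tcp/udp 20000:30000
map xl0 192.168.1.0/24 -> 0/32
"""

MAP_RE = re.compile(r"^map\s+(\S+)\s+\S+\s+->\s+\S+(.*)$")

def parse_maps(text):
    """Return (lineno, interface, kind) per map rule; kind is ftp-proxy, portmap or plain."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = MAP_RE.match(raw.split("#", 1)[0].strip())
        if not m:
            continue  # comments, blank lines and non-map rules are out of scope
        words = m.group(2).split()
        if "proxy" in words and words[-1].startswith("ftp/"):
            kind = "ftp-proxy"
        elif "portmap" in words:
            kind = "portmap"
        else:
            kind = "plain"
        rules.append((lineno, m.group(1), kind))
    return rules

def check_ftp_proxy_order(text):
    """Return findings; an empty list means every interface has its ftp proxy rule first."""
    findings = []
    rules = parse_maps(text)
    for ifname in sorted({r[1] for r in rules}):
        proxy = [n for n, i, k in rules if i == ifname and k == "ftp-proxy"]
        general = [n for n, i, k in rules if i == ifname and k != "ftp-proxy"]
        if not proxy:
            findings.append(f"{ifname}: no ftp proxy rule")
        elif general and general[0] < proxy[0]:
            findings.append(f"{ifname}: ftp proxy rule on line {proxy[0]} "
                            f"comes after map rule on line {general[0]}")
    return findings

if __name__ == "__main__":
    for name, text in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name, check_ftp_proxy_order(text) or "ok")
```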