Active-mode FTP routing question
Dima Dorfman
dima at trit.org
Sat Oct 4 16:35:41 PDT 2003
Adam McLaurin <adam.mclaurin at gmx.net> wrote:
> Let me start off by mentioning that I do understand the FTP protocol quite well,
> so we can keep replies focused on firewall/routing issues, instead of
> re-explaining how FTP works.
>
> Second, for my software: My firewall/router is running on FreeBSD
> 5.1-RELEASE-p8 with ipfilter/ipnat.
>
> Here's the problem. One of the FTP servers that I visit frequently does not
> run on port 21. As such, I cannot use 'proxy port ftp' in ipnat to punch a hole
> for the returning active mode data connection (at least, I don't see any way
> to use it).

I have this in my ipnat.rules:

  map fxp0 63.198.170.138/32 -> 0.0.0.0/32 proxy port ftp ftp/tcp

and I believe that the first "ftp" is the port number to translate,
and the latter "ftp/tcp" is what protocol to expect (but I can't
confirm this because ipnat(5) doesn't document the proxy modifier).
E.g., this line loads just fine:

  map fxp0 63.198.170.138/32 -> 0.0.0.0/32 proxy port 12345 ftp/tcp

but I can't test it because I don't know any FTP servers on
non-standard ports. I'm not exactly sure that this will do what you
want, but it might be worth a try.

Hope this helps,
Dima.
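
Added example, not part of the original thread and not ipfilter's code: a simplified Python model of what an FTP NAT helper does with an active-mode PORT command once a "proxy port" rule like the ones above hands it the control connection. The function name, the documentation-range addresses and the refusal of foreign hosts and ports below 1024 are assumptions of this sketch.

```python
import re

# Simplified model of an FTP NAT helper; NOT ipfilter's implementation.
PORT_RE = re.compile(r"PORT ((?:\d{1,3},){5}\d{1,3})\r?\n?", re.IGNORECASE)

def rewrite_port(line, client_ip, public_ip, public_port):
    """Rewrite an active-mode PORT command for the public side of the NAT.

    Returns (new_line, mapping). mapping is the one inbound data connection
    to allow: ((public_ip, public_port), (client_ip, client_port)).
    Lines that are not PORT commands come back unchanged with mapping None.
    """
    m = PORT_RE.fullmatch(line)
    if m is None:
        if line.upper().startswith("PORT "):
            raise ValueError("malformed PORT command")
        return line, None
    fields = [int(x) for x in m.group(1).split(",")]
    if any(f > 255 for f in fields):
        raise ValueError("PORT field out of range")
    announced_ip = ".".join(str(f) for f in fields[:4])
    client_port = fields[4] * 256 + fields[5]
    # Assumed policy: only open a hole back to the host that owns the
    # control connection, and never to a privileged port.
    if announced_ip != client_ip:
        raise ValueError("PORT names a host other than the client")
    if client_port < 1024:
        raise ValueError("PORT names a privileged port")
    new_line = "PORT {},{},{}\r\n".format(
        public_ip.replace(".", ","), public_port >> 8, public_port & 0xFF)
    return new_line, ((public_ip, public_port), (client_ip, client_port))

if __name__ == "__main__":
    # Constructed sample: inside client 192.168.1.10 announces port 50000.
    sample = "PORT 192,168,1,10,195,80\r\n"
    print(rewrite_port(sample, "192.168.1.10", "203.0.113.5", 40001))
```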