IPFW firewall NAT, port address translation, and "active" FTP

Brett Glass brett at lariat.net
Mon Feb 8 22:10:00 UTC 2010


Everyone:

I've just attempted to build a router using FreeBSD 8.0 with IPFW's 
firewall NAT. I've included the following NAT parameters:

ipfw nat 123 config if xl0 log redirect_port tcp 10.0.1.99:21 21 \
    redirect_port tcp 10.0.1.99:20 20

Note that, among other things, incoming FTP is redirected to the 
host at 10.0.1.99 inside the firewall.

The problem we're having is that users are having trouble reaching 
the FTP server with some clients -- in particular, Microsoft 
Internet Exploder. (I don't WANT them to be using IE, but I do not 
have control over this.) Does anyone know if I need to set anything 
special to make the firewall track FTP data ports?

--Brett Glass


