Ftp behind firewall/nat

Andras Kende andras at kende.com
Mon Jan 31 13:51:59 PST 2005



-----Original Message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org] On Behalf Of eric wyzerski
Sent: Monday, January 31, 2005 2:11 PM
To: freebsd-questions at freebsd.org
Subject: Ftp behind firewall/nat

Hi,

For a whole day I tried to make an ftp that is behind the firewall work,
but I'm not able to. My ipf rules are:

pass in quick from any to any
pass out quick from any to any

So it is not an ipf problem. My ipnat rules are:

map rl0 10.0.0.0/8 -> 0/32

rdr rl0 X.X.X.X/32 port 21 -> 10.1.1.6 port 21 tcp

where X.X.X.X is my external IP, rl0 my external interface and 10.1.1.6 the
ftp server. I am able to log in, and when I do the dir command it freezes. I
have done a tcpdump and I see the SYN packet go, but it never gets an answer.
I really need help/advice.
Thank you, and please CC me the answer because I'm not on the list.
Eric





Hello,

This setup only works with active ftp connections.
It's freezing at the dir command because it's trying to do a passive connection.

You would need to set up the ftp server to serve passive connections and
ipnat to redirect in a range of ports.

Something like:

PassivePortRange 5000 5010    - ftpd config


rdr rl0 X.X.X.X/32 port 5000 -> 10.1.1.6 port 5000 tcp
rdr rl0 X.X.X.X/32 port 5001 -> 10.1.1.6 port 5001 tcp
rdr rl0 X.X.X.X/32 port 500x -> 10.1.1.6 port 500x tcp

Or use only active ftp connections.

Andras Kende
http://www.kende.com




