ipnat port-range

alexus alexus at gmail.com
Sun May 17 21:27:00 UTC 2009


2009/5/17 Patrick Lamaizière <patfbsd at davenulle.org>:
> On Sun, 17 May 2009 16:16:51 -0400,
> alexus <alexus at gmail.com>:
>
>> I don't see how things are obvious for you, as they are not so obvious
>> for me. First of all, my ipf default policy is to allow everything.
>>
>> So the original question is for ipnat and not for ipf.
>>
>> Now for non-passive (active) I put in these rules:
>>
>> rdr bce0 0/0 port ftp-data -> lama port ftp-data tcp
>> rdr bce0 0/0 port ftp -> lama port ftp tcp
>>
>> and for PASV I still don't know what to do.
>>
>> I've tried
>>
>> rdr bce0 0/0 port 49152-65534 -> lama port 65534
>>
>> and in my ftp I said that this is the range for PASV connections.
>
> I don't think there is a way to redirect a port range to a port
> range with ipnat. For my ftp server I redirect each port (I use 30000
> to 30039 for FTP) with a rule:
> rdr vr0 0.0.0.0/0 port 21 -> 192.168.1.4 port 21
> rdr vr0 0.0.0.0/0 port 30000 -> 192.168.1.4 port 30000
> rdr vr0 0.0.0.0/0 port 30001 -> 192.168.1.4 port 30001
> ...
> rdr vr0 0.0.0.0/0 port 30038 -> 192.168.1.4 port 30038
> rdr vr0 0.0.0.0/0 port 30039 -> 192.168.1.4 port 30039
>
> For ipnat see
> http://www.westworks.ch/~chris/netbsd/NetBSD-NAT-FTP-server.html
>
> Regards.
>

I've spoken with Chris; he suggests I use

rdr bce0 0/0 port 49152-65534 -> lama port 49152 tcp

or use OpenBSD's pf with

rdr on bce0 proto tcp from any to any port 49152:65534 -> lama port 49152:*

For now I'm still testing, but I was able to get where I want with

rdr bce0 0/0 -> lama proxy port ftp ftp/tcp

So far it seems to be working... if not, I'll try Chris's suggestion.

-- 
http://alexus.org/

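Added example, not part of the thread above: a small POSIX shell script that generates the one-rule-per-port ipnat configuration Patrick describes (the part elided as "..." in his message) for a given interface, server address and passive port range, so the rule set can be regenerated instead of typed by hand. The interface, server and range are passed as arguments, which is my choice; the output is the same rdr line shape used in the thread and is meant to be reviewed and then placed in /etc/ipnat.conf.

```shell
#!/bin/sh
# Added example (not from the original thread): print an explicit ipnat
# "rdr" rule for the FTP control port and for every port in a passive
# range, matching the per-port approach from the thread.
# Assumption: arguments are IFACE SERVER LOW HIGH; rules go to stdout.

# gen_ftp_rdr IFACE SERVER LOW HIGH
# Emits one rule for port 21 plus one rule per passive port.
# Refuses an inverted range, a privileged low end or a port above 65535.
gen_ftp_rdr() {
    iface=$1
    server=$2
    low=$3
    high=$4
    if [ "$low" -gt "$high" ] || [ "$low" -lt 1024 ] || [ "$high" -gt 65535 ]; then
        echo "gen_ftp_rdr: bad passive range $low-$high" >&2
        return 1
    fi
    # FTP control channel
    printf 'rdr %s 0.0.0.0/0 port 21 -> %s port 21 tcp\n' "$iface" "$server"
    # one rule per passive data port; same port on both sides so the
    # PASV reply the server sends matches what the client connects to
    p=$low
    while [ "$p" -le "$high" ]; do
        printf 'rdr %s 0.0.0.0/0 port %d -> %s port %d tcp\n' \
            "$iface" "$p" "$server" "$p"
        p=$((p + 1))
    done
}

# count_ftp_rdr IFACE SERVER LOW HIGH
# Number of rules that gen_ftp_rdr would produce, as a sanity check
# before loading (expect HIGH - LOW + 2).
count_ftp_rdr() {
    gen_ftp_rdr "$@" | wc -l | tr -d ' '
}

# Example run with the values from Patrick's message:
#   gen_ftp_rdr vr0 192.168.1.4 30000 30039 > /etc/ipnat.conf.ftp
```

After reviewing the output, load it with `ipnat -CF -f /etc/ipnat.conf` and confirm with `ipnat -l` that the expected rules are active. Keep the range small and matched exactly to what the FTP daemon is configured to announce in PASV replies, since every port in the range is exposed to the outside. The `proxy port ftp ftp/tcp` rule that alexus ended up with works differently: the ipnat FTP proxy rewrites the PASV reply on the control channel, so it only works for plaintext FTP; with FTPS (TLS on the control channel) the proxy cannot see the reply and explicit per-port rules like these are needed.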

More information about the freebsd-questions mailing list