IPFW2+NAT stateful rules VS. FTP
Chuck Swiger
cswiger at mac.com
Sat Sep 10 08:20:35 PDT 2005
Peter Rosa wrote:
[ ... ]
> Or is it better to use /etc/nad.conf to redirect all incoming connections
> on ports 20 and 21 to localhost?
>
> Any help is *very* appreciated :-)
If you use "passive mode" FTP, that ought to work fine. If you use "active
mode" FTP, you ought to use the FTP proxying built into NATD (see the
-use_sockets and -punch_fw options), which is aware of the FTP data channel.
You should not attempt to use port forwarding when you are also using NAT
unless you know what you are doing. Without special measures being taken on
the machine being forwarded to, it will ignore such traffic because the IP
addresses won't match.
--
-Chuck
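
The natd options named in the reply above, written as an /etc/natd.conf fragment. This is an added example, not part of the original post; the interface name fxp0 and the rule range 2000:50 are assumptions to adapt to the local ruleset.

```conf
# /etc/natd.conf (added example; fxp0 and 2000:50 are assumed values)
# The config file takes the long option names without the leading dash;
# boolean options take yes or no.

# External interface whose address natd translates to (assumed name).
interface fxp0

# Allocate a socket(2) for each FTP data connection, so the aliased port
# is really reserved on this host. Costs more resources, but avoids
# failures when port numbers conflict.
use_sockets yes

# Try to keep the original source port on outgoing packets.
same_ports yes

# Let natd install temporary ipfw rules that permit one specific FTP data
# connection each, and remove them when that connection ends.
# Format is basenumber:count, here rules 2000 through 2049.
#
# Two things to check in the ipfw ruleset before enabling this:
#   1. natd clears the whole range at startup, so no static rule may be
#      numbered inside 2000-2049.
#   2. The range has to be numbered lower than any rule that would deny
#      the data connection, or the temporary rules never match.
punch_fw 2000:50
```

natd reads this file when started with `-f /etc/natd.conf`. While an active-mode transfer is running, `ipfw list` should show a temporary rule in the chosen range, and it should be gone once the transfer ends.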