natd & passive FTP not working

Andras Kende andras at kende.com
Sat May 24 11:17:42 PDT 2003



-----Original Message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Niklas Saers
Mailinglistaccount
Sent: Saturday, May 24, 2003 3:18 AM
To: freebsd-questions at freebsd.org
Subject: natd & passive FTP not working


Hi, I'm running a FreeBSD firewall and have a FTP server on the inside of
this (the firewall is the outer firewall of a dmz, and yes, I need the FTP).
My problem is that passive connections from the outside seem to die, but
active connections live. I wasn't expecting active connections to live,
but I don't mind that. But please, how do I connect with passive FTP?

This is what happens from an outside box:

$ ftp ftp://user:pass@193.212.204.46:/
Connected to 193.212.204.46.
220 www.registrar.no FTP server (Version 6.00LS) ready.
331 Password required for user.
230 User user logged in, access restrictions apply.
200 Type set to I.
250 CWD command successful.
ftp> ls
ftp: connect: Operation timed out
ftp> passive
Passive mode off.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for '/bin/ls'.
total 12
drwxr-xr-x  2 user  users  512 May 17 16:10 bin
226 Transfer complete.
ftp>

My firewall has the following in its natd.config:
interface fxp0
punch_fw 9000:800
deny_incoming yes
log_ipfw_denied yes
log yes
redirect_port tcp 192.168.1.10:20  193.212.204.46:20
redirect_port tcp 192.168.1.10:21  193.212.204.46:21
redirect_port udp 192.168.1.10:20  193.212.204.46:20
redirect_port udp 192.168.1.10:21  193.212.204.46:21

My fxp0 has IP 193.212.204.46 and my fxp2 has IP 192.168.1.1

My firewall rules are for the moment:
00100  51820 26378787 divert 8668 ip from any to any via fxp0
00200 179730 75469049 allow ip from any to any

(I'll tighten them more as soon as I've got all of this running. But I
figure natd takes most already)

So again, how do I make passive FTP work for this setup?

Cheers

  Nik
______________________________________________________________________________________________


Hello Nik,

I would try something like:

Firewall:

redirect_port tcp 192.168.1.10:51000-51999  193.212.204.46:51000-51999

FTP server:

Proftpd config:
PassivePorts 51000 51999


Look for details here:
http://slacksite.com/other/ftp.html
http://slacksite.com/other/ftp-appendix1.html


Best regards,

Andras Kende

______________________________________________________________________________________________
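Added example, not part of the thread above: a small Python checker for what the outside client actually receives on the control connection after PASV or EPSV, which is where passive FTP behind NAT usually breaks. A 227 reply carries the address and port the client will connect to (port = p1*256 + p2, RFC 959), so the data connection only succeeds if that address is one the client can reach and the port is one the firewall forwards. The public address 193.212.204.46 and the 51000-51999 range are taken from the thread; the sample replies are constructed for the example, not captured from the server, and the natd line the script builds mirrors the redirect_port form suggested in the reply.

```python
import ipaddress
import re

# Values from the thread (assumption: the 51000-51999 range is the one chosen).
PUBLIC_ADDR = "193.212.204.46"
PRIVATE_ADDR = "192.168.1.10"
PASV_RANGE = (51000, 51999)

# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)
# "229 Entering Extended Passive Mode (|||port|)"  (RFC 2428)
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d+)\|\)")


def parse_pasv(reply):
    """Return (host, port) from a 227 reply, or None if it is not one."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return (f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2)


def parse_epsv(reply):
    """Return the port from a 229 reply, or None. EPSV reuses the
    control-connection address, so no address is advertised."""
    m = EPSV_RE.match(reply.strip())
    return int(m.group(1)) if m else None


def check_passive_reply(reply, public_addr=PUBLIC_ADDR, pasv_range=PASV_RANGE):
    """List the reasons an outside client's data connection would fail;
    an empty list means the client will hit the firewall on a forwarded port."""
    problems = []
    parsed = parse_pasv(reply)
    if parsed is None:
        port = parse_epsv(reply)
        if port is None:
            return ["not a 227/229 reply"]
    else:
        host, port = parsed
        if ipaddress.ip_address(host).is_private:
            problems.append(f"advertised address {host} is private, unreachable from outside")
        if host != public_addr:
            problems.append(f"advertised address {host} is not the public address {public_addr}")
    lo, hi = pasv_range
    if not lo <= port <= hi:
        problems.append(f"data port {port} is outside the forwarded range {lo}-{hi}")
    return problems


def natd_redirect_line(private_addr=PRIVATE_ADDR, public_addr=PUBLIC_ADDR, pasv_range=PASV_RANGE):
    """natd.conf redirect_port line forwarding the whole passive range."""
    lo, hi = pasv_range
    return f"redirect_port tcp {private_addr}:{lo}-{hi} {public_addr}:{lo}-{hi}"


def pasv_tuple(addr, port):
    """Encode an address/port the way a server writes it in a 227 reply."""
    return ",".join(addr.split(".")) + f",{port // 256},{port % 256}"


if __name__ == "__main__":
    # Constructed sample replies: one the way an unmasqueraded inside server
    # answers, one with the public address and a port in the forwarded range.
    samples = [
        "227 Entering Passive Mode (192,168,1,10,4,7)",
        f"227 Entering Passive Mode ({pasv_tuple(PUBLIC_ADDR, 51000)})",
        "229 Entering Extended Passive Mode (|||51999|)",
    ]
    for s in samples:
        print(s, "->", check_passive_reply(s) or "ok")
    print(natd_redirect_line())
```

Run it against real replies by pasting what `ftp -v` shows after `ls` in passive mode; the first sample is the shape you get when the server advertises its inside address, and each reported problem maps to one of the two things that have to be fixed on the firewall or the server.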


