'unregistered_only' in natd does not work?
Chuck Swiger
cswiger at mac.com
Fri Jul 7 14:45:15 UTC 2006
BigBrother-{BigB3} wrote:
[ ... ]
> I have trouble making a passive ftp connection to work, because every
> time natd changed source port even though it should not. Sometimes it
> changes within the IP_PORTRANGE_DEFAULT but sometimes it changes it to
> something completely irrelevant like 30000
>
> The verbose log of natd shows this:
>
> Out {default} [TCP] 193.92.?????:55211 -> 193.92.????:3866 aliased to
> [TCP] 193.92.??????:37962 -> 193.92.?????:3866
You might try using the punch_fw keyword or flag to natd to try and control
the portrange used for ephemeral FTP & IRC data channels, BTW...but if your
problem also affects passive-mode FTP, something else is going on.
What happens if you change your IPFW divert statement to only match the
RFC-1918 unroutable addresses which you're using, and not send internal
routable traffic to NATD...?
--
-Chuck
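
The narrowed divert rule suggested in the reply above, sketched as an added example that is not part of the original message. The interface name `fxp0`, the rule numbers starting at 50, and the function names are assumptions; the script only prints the `ipfw` commands for review and does not install them.

```shell
#!/bin/sh
# Added example: print ipfw divert rules that hand only RFC 1918 sources to natd.
# fxp0 and the rule numbers are assumed placeholders, not values from the thread.

RFC1918_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# Return 0 if dotted-quad $1 falls in an RFC 1918 block (octet ranges are not
# validated beyond what the block test needs).
is_rfc1918() {
    case $1 in *[!0-9.]*|'') return 1 ;; esac   # digits and dots only
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    case $1 in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ]; return ;;
        192) [ "$2" -eq 168 ]; return ;;
    esac
    return 1
}

# Print divert rules for outside interface $1, numbered from $2 (default 50).
# Outbound: only private sources are sent to natd, so traffic from routable
# internal hosts never reaches it and keeps its source port.
# Inbound: packets arriving on the outside interface are still diverted so
# natd can translate replies back to the private hosts.
divert_rules() {
    oif=$1; n=${2:-50}
    for net in $RFC1918_NETS; do
        echo "ipfw add $n divert natd ip from $net to any out via $oif"
        n=$((n + 1))
    done
    echo "ipfw add $n divert natd ip from any to any in via $oif"
}

# Constructed sample addresses: one private, one public documentation address.
for a in 192.168.1.20 192.0.2.10; do
    if is_rfc1918 "$a"; then echo "$a: diverted to natd"
    else echo "$a: bypasses natd"; fi
done
divert_rules fxp0 50
```
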