'unregistered_only' in natd does not work?

Chuck Swiger cswiger at mac.com
Fri Jul 7 14:45:15 UTC 2006


BigBrother-{BigB3} wrote:
[ ... ]
> I have trouble making a passive ftp connection to work, because every 
> time natd changed source port even though it should not. Sometimes it 
> changes within the IP_PORTRANGE_DEFAULT but sometimes it changes it to 
> something completely irrelevant like 30000
> 
> The verbose log of natd shows this:
> 
> Out {default}  [TCP] 193.92.?????:55211 -> 193.92.????:3866 aliased to
>            [TCP] 193.92.??????:37962 -> 193.92.?????:3866

You might try using the punch_fw keyword or flag to natd to try and control 
the portrange used for ephemeral FTP & IRC data channels, BTW...but if your 
problem also affects passive-mode FTP, something else is going on.

What happens if you change your IPFW divert statement to only match the 
RFC-1918 unroutable addresses which you're using, and not send internal 
routable traffic to NATD...?

-- 
-Chuck
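
The divert change suggested in the reply above, sketched as an added example that is not part of the original post or thread. The interface name (`fxp0`), the rule numbers, and the `divert_rules` helper are assumptions; the script only prints the ipfw commands so they can be reviewed before being installed.

```sh
#!/bin/sh
# Added example: print ipfw divert rules that hand natd only the traffic
# sourced from RFC 1918 networks, so routable internal hosts bypass NAT.
# Interface name and rule numbers are assumptions, not taken from the thread.

RFC1918_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# divert_rules OIF [BASE_RULE_NUMBER]
# Prints one ipfw command per line; nothing is applied to the firewall.
divert_rules() {
    oif="$1"
    num="${2:-500}"
    # Outbound: divert only packets whose source is unregistered space.
    for net in $RFC1918_NETS; do
        echo "ipfw add $num divert natd ip from $net to any out via $oif"
        num=$((num + 10))
    done
    # Inbound: replies to aliased connections arrive addressed to the
    # gateway's own address and must reach natd to be de-aliased.
    # Packets for routable internal hosts do not match "me" and skip natd.
    echo "ipfw add $num divert natd ip from any to me in via $oif"
}

# "--print [interface]" lists the rules for review.
if [ "${1:-}" = "--print" ]; then
    divert_rules "${2:-fxp0}"
fi
```

Check the printed rules against the existing ruleset with `ipfw list` before installing them, since the divert rules must sit ahead of any rule that would accept the same packets.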


