Or, switch to using IPFILTER/IPNAT which has special features to handle the case of FTP.

Matt

> Your problem is that the ports you have allowed are not the only ports FTP
> uses. FTP makes use of two separate TCP connections.
>
> The first is the command connection (21/tcp) which is the connection used
> for logging in, and issuing commands. However when you make a data
> connection (retrieving a file, listing a directory) a data connection is
> opened up. Traditionally, port 20/tcp (ftp-data) was used. The process
> being that the server opened a connection to your client machine from port
> 20.
>
> This clearly has issues when combined with firewalls and NAT.
>
> The other FTP transfer mode is Passive mode. Here, a data request is made,
> and the server provides details of what port the client should connect to.
>
> The problem you are seeing is because you are not natting all the possible
> ports through. The best suggestion I have is to install something like
> jftpgw which will run on your firewall/gateway and act as a FTP proxy back
> to the FTP server.
>
> Regards,
>
> Barry
>
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, July 23, 2003 1:51 PM
> Subject: PLEASE HEEEEEELLLLPPPP ME...
>
> > please HELP !!!
> >
> > Ok... here is my problem that I tried to explain completely!
> >
> > The situation is the one below:
> >
> > =====================================
> > | SpeedTouch Home Ethernet ADSL Modem |
> > |        10.0.0.138/24              |
> > =====================================
> >                |
> >           10.0.0.0/24
> >                |
> > ==========================
> > |     10.0.0.1/24        |
> > | (A) 10.1.0.254/24      |- 10.1.0.0/24 - (... DMZ ...)
> > |     192.168.1.254/24   |
> > ==========================
> >                |
> >          192.168.1.0/24
> >                |
> >               ...
> >       clients workstations
> >
> > My problem is about the computer A which does not do what I would like it
> > to do.
> >
> > Currently, this computer has a customized kernel with those options:
> > IPFIREWALL
> > IPDIVERT
> >
> > but not IPFILTER !!! maybe it is the problem, I don't know !
> >
> > in the rc.conf, I made the following configuration
> > firewall_enabled="YES"
> > firewall_type="SIMPLE" (but I also tried with "OPEN")
> >
> > natd_enable="YES"
> > natd_interface="tun0" (this is the interface for PPPoE, I think)
> > natd_flags="-f /etc/natd.conf"
> >
> > ...
> >
> > and in natd.conf:
> > dynamic
> > interface tun0
> > redirect_port tcp 10.1.0.1:20-21 20-21
> >
> > 10.1.0.1 is the IP address of my FTP server, which is a computer placed in
> > the DMZ.
> >
> > My problem is: "from outside, I cannot access the FTP server..."
> >
> > What I can say is:
> > First: My FTP server is OK because from inside, I can access it from any
> > computer in the DMZ or from the client workstations.
> > Second: The answer to an outside request is "connection closed by host".
> > Third: Interface tun0 (the virtual interface for PPPoE) receives the ftp
> > requests but does not forward them to ed1 (the outside netcard of A,
> > configured with 10.0.0.1). (I discovered that with tcpdump).
> > (the other interfaces get no more ftp packets from tun0)...
> >
> > So, what can I do to solve this problem...
> >
> > Thank you
> >
> > Sylvain.
> > _______________________________________________
> > [EMAIL PROTECTED] mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
> > To unsubscribe, send any mail to "[EMAIL PROTECTED]"
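The two data-connection problems Barry describes (the passive port is not redirected, and the server announces an address the outside client cannot use) can be checked mechanically against the natd.conf Sylvain posted. The following is an added example written for this page, not code from anyone in the thread: it parses a constructed `227` PASV reply, reads the `redirect_port` lines from the quoted natd.conf, and reports why an outside client's data connection would fail. The PASV reply, the 50000-50100 passive range in the "fixed" configuration and all function names are assumptions, not part of the original mails.

```python
import ipaddress
import re

# The natd.conf from Sylvain's mail: only 20-21/tcp are redirected to the DMZ host.
NATD_CONF = """dynamic
interface tun0
redirect_port tcp 10.1.0.1:20-21 20-21
"""

# Assumed fix (not from the thread): the FTP server is pinned to a passive
# port range and that range is redirected as well. The range is invented.
NATD_CONF_WITH_PASV = NATD_CONF + "redirect_port tcp 10.1.0.1:50000-50100 50000-50100\n"

# Constructed sample reply, as a server in the DMZ would send it on the
# control connection: h1,h2,h3,h4 is the address, port = p1*256 + p2.
PASV_REPLY = "227 Entering Passive Mode (10,1,0,1,195,80)"

PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Return (host, port) announced in a 227 PASV reply (RFC 959 format)."""
    m = PASV_RE.search(reply)
    if not m or not reply.startswith("227"):
        raise ValueError("not a PASV reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def _port_range(spec):
    """'20-21' -> (20, 21); '21' -> (21, 21)."""
    lo, _, hi = spec.partition("-")
    return (int(lo), int(hi or lo))


def parse_redirects(conf):
    """Collect (proto, target_ip, target_ports, external_ports) from redirect_port lines."""
    rules = []
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "redirect_port":
            continue
        proto, target, external = parts[1], parts[2], parts[3]
        ip, tports = target.rsplit(":", 1)
        rules.append((proto, ip, _port_range(tports), _port_range(external)))
    return rules


def external_port_redirected(rules, proto, port):
    """True if some redirect_port rule covers this externally visible port."""
    for rproto, _ip, _tports, (lo, hi) in rules:
        if rproto == proto and lo <= port <= hi:
            return True
    return False


def pasv_problems(conf, pasv_reply):
    """List the reasons an outside client's passive data connection would fail."""
    host, port = parse_pasv(pasv_reply)
    problems = []
    if ipaddress.ip_address(host).is_private:
        # Only an FTP-aware NAT or proxy (IPNAT's ftp proxy, jftpgw) rewrites this.
        problems.append("PASV reply announces private address %s" % host)
    if not external_port_redirected(parse_redirects(conf), "tcp", port):
        problems.append("port %d is not covered by any redirect_port rule" % port)
    return problems


if __name__ == "__main__":
    for name, conf in (("original", NATD_CONF), ("with passive range", NATD_CONF_WITH_PASV)):
        print(name, "->", pasv_problems(conf, PASV_REPLY) or ["data connection would be accepted"])
```

Run as is, the original configuration reports both problems; adding the passive-range redirect removes only the port problem, which is why Barry and Matt both point at an FTP-aware proxy or NAT rather than at opening more ports.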