Hello all,
After an hour of googling I turned up empty so I decided to post here.
I'm running a server with a single IPv4 address and a number of VNET
jails. The jails all have RFC1918 addresses and are connected to a
bridge. Pretty standard stuff and everything works, including individual
port redirection.
The problem now: passive FTP. I would like to NAT a range of high ports
to an FTP jail on the inside. The jail lives at 10.20.0.17 and runs a
low traffic anonymous FTP server for public use. Configuring the NAT to
redirect ports 20 and 21 there individually works just fine. In order to
also forward ports 63000-65000 there (the passive high-port range as
configured on the FTP server), I run into errors when trying to use
redirect_port with a range.
So this part of the NAT config works fine:
redirect_port tcp 10.20.0.17:21 21
While this bit runs into errors:
redirect_port tcp 10.20.0.17:63000-65000 63000-65000
I looked at the source code and it seems that the in-kernel NAT indeed
doesn't permit passing in port ranges for redirection. Is this true? And
if so, what would my options be? I'm trying to run as few services as
possible on the host itself, so I'd prefer to not run FTP proxies on
there unless that really is the best way forward. My other option seems
to be natd.
Any help or insights would be much appreciated!
Bas