Thanks for the reply. I have not checked up on item 2, but the redirection problem has a solution outlined at http://www.openbsd.org/faq/pf/rdr.html#rdrnat which actually works. This method means for every redirected server that has a public address on the external interface on the firewall, I would need 2 sets of rdr rules: 1 for the mapping/redirecting from LAN to WAN interface and another for just the LAN interface itself (for every time a LAN server asks for resources using the external address of another server in its LAN segment).
I will post further on the FTP problem I am having, I hope.

--- horio shoichi <[EMAIL PROTECTED]> wrote:
> On Mon, 29 Dec 2003 16:30:40 -0800 (PST)
> Terry Singh <[EMAIL PROTECTED]> wrote:
>
> > This is my first post to freebsd questions.
> >
> > MY NETWORK
> >
> > Internet -- WAN_IF | FIREWALL - 5.1 RELEASE | LAN_IF -- LAN network
> >
> > The WAN_IF has several public addresses as aliases. I have about 20 servers in
> > the LAN that require various services allowed to the public Internet.
> >
> > I basically am doing a "bimap" one to one mapping per server in the LAN.
> > This all works great, meaning I can surf etc etc from any LAN server to the
> > Internet and also, from the Internet I can get published services on LAN
> > servers.
> >
> > Here's the problem:
> > I already mentioned that each server with a 192.168.50.x address is "bimap"ed
> > to a public address. The problem is that if I am on any of the LAN servers, and
> > want to connect to the public address of a server in the LAN, I CANNOT.
> > Now first off, I could connect using private addresses and of course this works
> > like it should. But our applications have real DNS names coded in the apps so I
> > need this to work.
> >
> > I know it has something to do with proxy arp so I even tried placing this line
> > in sysctl.conf: net.link.ether.inet.proxyall=1.\
> > no luck.
> >
> > ANY IDEAS?
> >
> > --------------
> > Second problem
> > One of the LAN servers is a FTP server. From the Internet, I can only connect
> > using ACTIVE MODE even though I allow both 20/21/tcp inbound. Here's what
> > happens when passive mode is used: The initial connection is accepted, but then
> > the server sends its private address instead of its proper public address! Of
> > course it's not gonna work! So I forced active mode and voila! it worked.
> > What's the fix for this bugger? I know outbound FTP has some built-in proxy ftp
> > in freebsd but what about inbound?
> >
> > thanks, tsingh.
> >
> > _______________________________________________
> > [EMAIL PROTECTED] mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "[EMAIL PROTECTED]"
>
> 1. The network configuration like yours is known not to work. The reason and
> workarounds are best detailed here.
>
> http://www.openbsd.org/faq/pf/rdr.html#reflect
>
> 2. The wu-ftp and proftp have the ability to advertize arbitrary address.
> There may be others, but I don't know.
>
> horio shoichi
