Hi,
the server is connected directly to "the wild", and I'm connecting
from a remote non-local host.
Are you sure that those are ipf rules? They look a lot like ipnat rules.

On 2/14/06, fbsd_user <[EMAIL PROTECTED]> wrote:
> Daniel
> You did not say where you were running ftp from:
> from a LAN box to the gateway server, or
> from the gateway box to a public internet remote ftp site, or
> from a public internet remote user to your gateway ftp server.
>
> I am guessing it's from the gateway box to a public internet remote ftp
> site.
> Your nat rules need to look like this example. You are missing the
> second rule.
>
> map dc0 10.0.10.0/29 -> 0/32 proxy port 21 ftp/tcp
> map dc0 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp
> map dc0 10.0.10.0/29 -> 0/32
>
> The first rule handles all FTP traffic for the private LAN.
> The second rule handles all FTP traffic from the gateway.
> The third rule handles all non-FTP traffic for the private LAN.
> All the non-FTP gateway traffic is using the public IP address by
> default, so there is no ipnat rule needed.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Daniel A.
> Sent: Tuesday, February 14, 2006 7:42 AM
> To: [EMAIL PROTECTED]
> Subject: Cant login to FTP server.
>
>
> Hi, I have some FTP login problems.
> I run FreeBSD 6.0-RELEASE, and I have ipf and ipnat enabled.
>
> _______SNIP_______
> Status: Connecting to dienub.org ...
> Status: Connected with dienub.org. Waiting for welcome message...
> Response:       220 m00h.dienub.org FTP server (Version 6.00LS) ready.
> Command:        USER **************
> Response:       331 Password required for alive.
> Command:        PASS **************
> Response:       230 User alive logged in.
> Command:        FEAT
> Response:       500 FEAT: command not understood.
> Command:        SYST
> Response:       215 UNIX Type: L8 Version: BSD-199506
> Status: Connected
> Status: Retrieving directory listing...
> Command:        PWD
> Response:       257 "/usr/home/alive" is current directory.
> Command:        TYPE A
> Response:       200 Type set to A.
> Command:        PASV
> Response:       227 Entering Passive Mode (87,49,144,133,237,45)
> Command:        LIST
> Error:  Transfer channel can't be opened. Reason: A connection attempt
> failed because the connected party did not properly respond after a
> period of time, or established connection failed because connected
> host has failed to respond.
> Error:  Could not retrieve directory listing
> Command:        TYPE A
> _______SNIP_______
>
>
> /etc/ipf.rules:
> _______SNIP_______
> # Let clients behind the firewall send out to the internet, and
> # replies to come back in by keeping state.
> pass out quick on rl0 proto tcp all keep state
> pass out quick on rl0 proto udp all keep state
> pass out quick on rl0 proto icmp all keep state
>
> # Since nothing should be coming from these address ranges, block them
> block in quick on rl0 from 192.168.0.0/16 to any
> block in quick on rl0 from 172.16.0.0/12 to any
> block in quick on rl0 from 10.0.0.0/8 to any
> block in quick on rl0 from 127.0.0.0/8 to any
> block in quick on rl0 from 192.0.2.0/24 to any
>
> # Let's let people access the services running behind this system
>
> # Let's let people access the services running on this system
> pass in quick on rl0 proto tcp from any to any port 30000 >< 50000 flags S keep state #PASV FTP
> pass in quick on rl0 proto tcp from any to any port = 21 #FTP
> pass in quick on rl0 proto tcp from any to any port = 22 #SSH
> pass in quick on rl0 proto tcp from any to any port = 80 #WWW
> pass in quick on rl0 proto tcp from any to any port = 113 #oidentd
>
> # Steam Dedicated Server
> #pass in quick on rl0 proto udp from any to any port = 1200 # Friends network
> #pass in quick on rl0 proto udp from any to any port 26999 >< 27016 # Gameport
> #pass in quick on rl0 proto udp from any to any port = 27020
> #pass in quick on rl0 proto tcp from any to any port 27029 >< 27040
> #pass in quick on rl0 proto tcp from any to any port = 27015 # SRCDS Rcon
>
> # Block everything else
> block in quick on rl0 all
> _______SNIP_______
>
>
> /etc/ipnat.rules
> _______SNIP_______
> map rl0 192.168.0.0/16 -> 0.0.0.0/32 proxy port ftp ftp/tcp
> map rl0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 1025:65000
> map rl0 192.168.0.0/16 -> 0.0.0.0/32
> _______SNIP_______
>
>
> Might the problem be anywhere else besides my ipf and ipnat configs?
> Could it be the remote client that's the problem?
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"
>
>
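Added example, not part of the original thread: a 227 reply encodes the passive data port in its last two numbers as p1*256+p2, and ipf's `><` operator matches only ports strictly between its two bounds. The script below decodes the reply from the quoted session log and walks the inbound rules from the quoted /etc/ipf.rules to see which one decides that port; the function names are illustrative, and only the destination-port clause is modelled (source-address rules are omitted).

```python
import re

# Sample input constructed from the session log and /etc/ipf.rules quoted above.
PASV_REPLY = "227 Entering Passive Mode (87,49,144,133,237,45)"
# Inbound rules only; the source-address block rules are left out of this sketch.
IPF_RULES = """\
pass in quick on rl0 proto tcp from any to any port 30000 >< 50000 flags S keep state #PASV FTP
pass in quick on rl0 proto tcp from any to any port = 21 #FTP
pass in quick on rl0 proto tcp from any to any port = 22 #SSH
pass in quick on rl0 proto tcp from any to any port = 80 #WWW
pass in quick on rl0 proto tcp from any to any port = 113 #oidentd
block in quick on rl0 all
"""

def parse_pasv(reply):
    """Return (ip, port) from an RFC 959 227 reply of the form (h1,h2,h3,h4,p1,p2)."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    n = [int(x) for x in m.groups()]
    if any(x > 255 for x in n):
        raise ValueError("field out of range")
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def rule_matches_port(rule, port):
    """Evaluate the destination-port clause of one ipf rule (subset of the syntax)."""
    m = re.search(r"port\s+(\d+)\s*><\s*(\d+)", rule)
    if m:  # '><' is an exclusive range: lo < port < hi
        return int(m.group(1)) < port < int(m.group(2))
    m = re.search(r"port\s*=\s*(\d+)", rule)
    if m:
        return port == int(m.group(1))
    return "port" not in rule  # no port clause: the rule matches any port

def first_match(rules, port):
    """Every rule here is 'quick', so the first matching inbound rule decides."""
    for line in rules.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if line.startswith(("pass in quick", "block in quick")) and rule_matches_port(line, port):
            return line.split()[0], line
    return None, None  # no rule matched; the outcome depends on ipf's default policy

if __name__ == "__main__":
    ip, port = parse_pasv(PASV_REPLY)
    action, rule = first_match(IPF_RULES, port)
    print(f"server advertises {ip}:{port} -> {action}: {rule}")
```

Run on the values posted in this thread, it reports port 60717 being decided by `block in quick on rl0 all`, because 60717 is not strictly between 30000 and 50000.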