Hi, the server is connected directly to "the wild", and I'm connecting from a remote non-local host. Are you sure that those are ipf rules? They look a lot like ipnat rules.
On 2/14/06, fbsd_user <[EMAIL PROTECTED]> wrote:
> Daniel
> You did not say where you were running ftp from.
> like from LAN box to gateway server or
> from gateway box to public internet remote ftp site or
> from public internet remote user to your gateway ftp server.
>
> I am guessing it's from gateway box to public internet remote ftp
> site.
> Your nat rules need to look like this example. You are missing the
> second rule.
>
> map dc0 10.0.10.0/29 -> 0/32 proxy port 21 ftp/tcp
> map dc0 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp
> map dc0 10.0.10.0/29 -> 0/32
>
> The first rule handles all FTP traffic for the private LAN.
> The second rule handles all FTP traffic from the gateway.
> The third rule handles all non-FTP traffic for the private LAN.
> All the non-FTP gateway traffic is using the public IP address by
> default so there is no ipnat rule needed.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Daniel A.
> Sent: Tuesday, February 14, 2006 7:42 AM
> To: [EMAIL PROTECTED]
> Subject: Cant login to FTP server.
>
>
> Hi, I have some FTP login problems.
> I run FreeBSD 6.0-RELEASE, and I have ipf and ipnat enabled.
>
> _______SNIP_______
> Status: Connecting to dienub.org ...
> Status: Connected with dienub.org. Waiting for welcome message...
> Response: 220 m00h.dienub.org FTP server (Version 6.00LS) ready.
> Command: USER **************
> Response: 331 Password required for alive.
> Command: PASS **************
> Response: 230 User alive logged in.
> Command: FEAT
> Response: 500 FEAT: command not understood.
> Command: SYST
> Response: 215 UNIX Type: L8 Version: BSD-199506
> Status: Connected
> Status: Retrieving directory listing...
> Command: PWD
> Response: 257 "/usr/home/alive" is current directory.
> Command: TYPE A
> Response: 200 Type set to A.
> Command: PASV
> Response: 227 Entering Passive Mode (87,49,144,133,237,45)
> Command: LIST
> Error: Transfer channel can't be opened. Reason: A connection attempt
> failed because the connected party did not properly respond after a
> period of time, or established connection failed because connected
> host has failed to respond.
> Error: Could not retrieve directory listing
> Command: TYPE A
> _______SNIP_______
>
>
> /etc/ipf.rules:
> _______SNIP_______
> # Let clients behind the firewall send out to the internet, and replies to
> # come back in by keeping state.
> pass out quick on rl0 proto tcp all keep state
> pass out quick on rl0 proto udp all keep state
> pass out quick on rl0 proto icmp all keep state
>
> # Since nothing should be coming from these address ranges, block them
> block in quick on rl0 from 192.168.0.0/16 to any
> block in quick on rl0 from 172.16.0.0/12 to any
> block in quick on rl0 from 10.0.0.0/8 to any
> block in quick on rl0 from 127.0.0.0/8 to any
> block in quick on rl0 from 192.0.2.0/24 to any
>
> # Let's let people access the services running behind this system
>
> # Let's let people access the services running on this system
> pass in quick on rl0 proto tcp from any to any port 30000 >< 50000 flags S keep state #PASV FTP
> pass in quick on rl0 proto tcp from any to any port = 21 #FTP
> pass in quick on rl0 proto tcp from any to any port = 22 #SSH
> pass in quick on rl0 proto tcp from any to any port = 80 #WWW
> pass in quick on rl0 proto tcp from any to any port = 113 #oidentd
>
> # Steam Dedicated Server
> #pass in quick on rl0 proto udp from any to any port = 1200 # Friends network
> #pass in quick on rl0 proto udp from any to any port 26999 >< 27016 # Gameport
> #pass in quick on rl0 proto udp from any to any port = 27020
> #pass in quick on rl0 proto tcp from any to any port 27029 >< 27040
> #pass in quick on rl0 proto tcp from any to any port = 27015 # SRCDS Rcon
>
> # Block everything else
> block in quick on rl0 all
> _______SNIP_______
>
>
> /etc/ipnat.rules
> _______SNIP_______
> map rl0 192.168.0.0/16 -> 0.0.0.0/32 proxy port ftp ftp/tcp
> map rl0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 1025:65000
> map rl0 192.168.0.0/16 -> 0.0.0.0/32
> _______SNIP_______
>
>
> Might the problem be anywhere else besides my ipf and ipnat configs?
> Could it be the remote client that's the problem?
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"
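
Added example, not part of the original thread: a Python check that decodes the 227 reply from the quoted client log and tests the advertised data port against the inbound TCP rules from the posted /etc/ipf.rules. It models only the `port = n` and `port a >< b` (exclusive range) forms those rules use, with first-match `quick` semantics; the function names are hypothetical.

```python
import re

# Constructed from values quoted in the thread: the server's PASV reply and
# the inbound "pass in"/"block in" rules from the posted /etc/ipf.rules.
PASV_REPLY = "227 Entering Passive Mode (87,49,144,133,237,45)"
IPF_RULES = """\
pass in quick on rl0 proto tcp from any to any port 30000 >< 50000 flags S keep state #PASV FTP
pass in quick on rl0 proto tcp from any to any port = 21 #FTP
pass in quick on rl0 proto tcp from any to any port = 22 #SSH
pass in quick on rl0 proto tcp from any to any port = 80 #WWW
pass in quick on rl0 proto tcp from any to any port = 113 #oidentd
block in quick on rl0 all
"""

def parse_pasv(reply):
    """Return (ip, port) from an RFC 959 227 reply of form (h1,h2,h3,h4,p1,p2)."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a 227 passive-mode reply")
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("field out of range")
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def matching_rule(rules, port):
    """First 'quick' rule matching an inbound TCP SYN to `port` (simplified)."""
    for line in rules.splitlines():
        rule = line.split("#", 1)[0].strip()   # drop comments and disabled rules
        if not rule:
            continue
        rng = re.search(r"port (\d+) >< (\d+)", rule)   # ipf: strictly between
        eq = re.search(r"port = (\d+)", rule)
        if rng:
            hit = int(rng.group(1)) < port < int(rng.group(2))
        elif eq:
            hit = port == int(eq.group(1))
        else:
            hit = True                         # no port clause, e.g. "block in ... all"
        if hit:
            return rule
    return None

def data_channel_verdict(reply, rules):
    """Return (ip, port, action) for the data connection the reply advertises."""
    ip, port = parse_pasv(reply)
    rule = matching_rule(rules, port)
    return ip, port, rule.split()[0] if rule else "default"
```

With the values in the thread, the reply advertises port 237*256+45 = 60717, which is outside the `30000 >< 50000` range and therefore reaches the final `block in quick on rl0 all` rule.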