On Fri, 7 Jul 2006, Chuck Swiger wrote:

BigBrother-{BigB3} wrote:
[ ... ]
I have trouble making a passive ftp connection work, because every time natd changes the source port even though it should not. Sometimes it changes it within IP_PORTRANGE_DEFAULT, but sometimes it changes it to something completely irrelevant like 30000.

The verbose log of natd shows this:

Out {default}  [TCP] 193.92.?????:55211 -> 193.92.????:3866 aliased to
           [TCP] 193.92.??????:37962 -> 193.92.?????:3866

You might try using the punch_fw keyword or flag to natd to try and control the port range used for ephemeral FTP & IRC data channels, BTW...but if your problem also affects passive-mode FTP, something else is going on.

What happens if you change your IPFW divert statement to only match the RFC-1918 unroutable addresses which you're using, and not send internal routable traffic to NATD...?

--
-Chuck



Dear Chuck,

Thank you for your answer.

1) I have already tried the punch_fw keyword with different settings, but nothing happened; I mean that no dynamic rule was added. I think that punch_fw works when you are on the box and try to connect to another ftp server (thus, when you are the client). I do not think that punch_fw works when this box is the server. Passive mode from the box itself is OK; it works without any problem.

2) I am not sure how to change the divert command, because take notice that divert should be applied to both incoming and outgoing packets. I think that messing with divert may cause some strange problems...

I followed your suggestion and it seems that the following works (not tested thoroughly though):

$fwcmd add 14999 skipto 15001 all from $oip to any via $oif
$fwcmd add 15000 divert natd all from any to any via $oif

(do you have any feeling for possible faults on the skipto line?)


I will test, but I think it should be noted that this is a bug in the natd code (I mean the 'unregistered_only' option).


Thanks for the support!


BB





---
Dixi et animan levavi
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
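The skipto/divert arrangement discussed in the reply above, written out as an added example in the style of FreeBSD's rc.firewall. This is not code from the thread or from the FreeBSD project: the interface name, addresses, rule numbers and the "allow" rule that serves as the skipto target are assumptions, and the default FWCMD only echoes the rules so the ordering can be inspected before anything is applied. The idea is that outbound packets already sourced from the outside interface's own routable address jump past the divert rule, so natd (run with unregistered_only, e.g. natd_flags="-u -n em0") never gets a chance to re-alias their source port, while everything else crossing the interface still reaches natd in both directions. A small check function answers the "possible faults on the skipto line" question for a generated ruleset: every skipto target must resolve to one of our own rules rather than falling through to the default rule.

```shell
# Added example, not from the original thread. Assumed names and addresses:
# em0 as the outside interface, 203.0.113.10 (documentation range) as its
# public address, 192.168.1.0/24 as the RFC 1918 network behind the box.
oif="${OIF:-em0}"
oip="${OIP:-203.0.113.10}"
inet="${INET:-192.168.1.0/24}"
fwcmd="${FWCMD:-echo ipfw}"   # dry run by default; FWCMD=ipfw to apply

# Emit the NAT-related rules in the order ipfw evaluates them.
nat_rules() {
    # Outbound packets that already carry the public address need no
    # translation, so jump over the divert rule. "out" limits the match to
    # the outgoing direction; a bare "via" would also match inbound packets
    # that spoof our own address.
    $fwcmd add 14999 skipto 15001 ip from "$oip" to any out via "$oif"

    # Everything else crossing the outside interface goes to natd in both
    # directions: inbound so replies can be de-aliased, outbound so the
    # private ($inet) sources can be aliased. With unregistered_only, natd
    # leaves packets with a registered source address untouched.
    $fwcmd add 15000 divert natd ip from any to any via "$oif"

    # The skipto target. Packets that went through natd re-enter here with
    # their source already rewritten to $oip, so one rule covers both the
    # skipped and the translated traffic.
    $fwcmd add 15001 allow ip from "$oip" to any out via "$oif"
}

# Check a dry-run ruleset (the text produced by nat_rules): each "skipto N"
# must be followed by a rule numbered >= N in our own set. ipfw would
# otherwise land the jump on the always-present default rule 65535, which
# is rarely what the author intended. Returns 0 when every target resolves.
skipto_targets_ok() {
    printf '%s\n' "$1" | awk '
        $4 == "skipto" { targets[$5] = 1 }
        { nums[NR] = $3 }
        END {
            for (t in targets) {
                found = 0
                for (i = 1; i <= NR; i++)
                    if (nums[i] + 0 >= t + 0) found = 1
                if (!found) exit 1
            }
        }'
}
```

Run it as is to print the three rules, then `skipto_targets_ok "$(nat_rules)"` to confirm the jump target exists; set FWCMD=ipfw once the order looks right. Inbound rules for the FTP control port and any check-state handling sit after 15001 as usual and are not affected by the skipto.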
