dick hoogendijk wrote:
> I want ftp services to and from the internet for my gateway and my lan
> machines. I read the handbook but still have some questions. As I
> understand I have to put two lines into my ipf.rules when I use the IPNAT
> built in ftp proxy.
>
> #pass out quick on rl0 proto tcp from any to any port = 21 flags S keep state
> # Allow in non-secure FTP ( both passive & active modes)
> #pass in quick on rl0 proto tcp from any to any port = 21 flags S keep state

One thing at a time, let's first get your LAN clients ftp access to servers on the internet (then your users will give you peace to solve the other problems :-)


> But I don't understand the proxy rules ;-( !!
> What happens with the /29 thing? ??? Why isn't it /24 ??

Sorry, but if you give no info on your network how can we tell whether /24 or /29 is right?


My network:

LAN-------- GW -------- Internet
         xl1  xl0

xl1=172.16.0.1/16
xl0=62.x.x.x/32

My ipnat rules are:

map xl0 172.16.0.0/16 -> 62.x.x.x/32 proxy port ftp ftp/tcp
map xl0 172.16.0.0/16 -> 62.x.x.x/32 portmap tcp/udp auto
map xl0 172.16.0.0/16 -> 62.x.x.x/32

This allows clients on 172.16.0.0/16 to connect to the outside using a many-one mapping. FTP connections use the proxy. Make sure the rules are in that order - ipnat is first match.

> Please give me some hints on this.
>
> ########################
> ### ip.nat.rules
> #######################
>
> # This rule will handle all the traffic for the internal LAN:
> # map rl0 192.168.11.0/29 -> 0/32 proxy port 21 ftp/tcp
>
> # This rule handles the FTP traffic from the gateway.
> # map rl0 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp
>
> # This rule handles all non-FTP traffic from the internal LAN.
> # map rl0 192.168.11.0/29 -> 0/32
> # Only one filter rule is needed for FTP if the NAT FTP proxy is used.


You have remmed out your rules and two rules for ftp-proxy - what are your rules?


Cheers, Erik
--
Ph: +34.666334818                           web: http://www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID:  A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
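
The two points raised in the reply above (ipnat is first match, so the ftp proxy rule must come before the other map rules, and map rules that are commented out do nothing) can be checked mechanically. The following is an added example, not part of the original message or of IPFilter: the function names and the BAD and REMMED samples are constructed here, and the check assumes a proxy rule is shadowed only when an earlier non-proxy map rule names the same interface and the same source string (it does no subnet containment).

```python
import re

# Parses the "map <if> <src> -> <dst> [options]" form used in this thread.
MAP_RE = re.compile(r"^map\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s*(.*)$")

def parse_rules(text):
    """Split ipnat map rules into (active, commented_out) lists."""
    active, commented = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        bucket = commented if line.startswith("#") else active
        m = MAP_RE.match(line.lstrip("#").strip())
        if not m:
            continue  # blank line, plain comment, or a non-map rule
        ifname, src, _dst, opts = m.groups()
        kind = opts.split()[0] if opts else "plain"  # proxy / portmap / plain
        bucket.append({"line": lineno, "if": ifname, "src": src, "kind": kind})
    return active, commented

def lint(text):
    """Return a list of findings for one ipnat rules file."""
    active, commented = parse_rules(text)
    findings = []
    if commented and not active:
        findings.append("all map rules are commented out; nothing is loaded")
    first_general = {}  # (interface, source) -> line of first non-proxy rule
    for rule in active:
        key = (rule["if"], rule["src"])
        if rule["kind"] != "proxy":
            first_general.setdefault(key, rule["line"])
        elif key in first_general:
            findings.append(
                f"line {rule['line']}: proxy rule is shadowed by the map rule "
                f"on line {first_general[key]} (first match wins)")
    return findings

# Rules as given in the reply above (proxy rule first).
GOOD = """map xl0 172.16.0.0/16 -> 62.x.x.x/32 proxy port ftp ftp/tcp
map xl0 172.16.0.0/16 -> 62.x.x.x/32 portmap tcp/udp auto
map xl0 172.16.0.0/16 -> 62.x.x.x/32
"""
# Constructed: the same rules with the proxy line moved to the end.
BAD = "\n".join(GOOD.splitlines()[1:] + GOOD.splitlines()[:1]) + "\n"
# Constructed: every map rule commented out, as in the quoted file.
REMMED = ("# map rl0 192.168.11.0/29 -> 0/32 proxy port 21 ftp/tcp\n"
          "# map rl0 192.168.11.0/29 -> 0/32\n")

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD), ("REMMED", REMMED)):
        print(name, lint(text) or "ok")
```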