OK.

For incoming connections, assuming your outward-facing IP address is x.y.z.p,
I think you want:
rdr xl1 x.y.z.p/32 port 21 -> 200.198.106.170/32 port 21

I think that's all you need.

You cannot combine the two rules below because "first match wins"
as I understand it, and the second rule is never reached.

Check to make sure Windows Firewall is either disabled or allows
FTP. You probably already have done this, but that is one thing
that could mess this up.


> I have no firewall on WinXP.
>
> xl0 is my internal interface.
>
>
> |INTERNET| ---- (xl1) Firewall (xl0) ----- My Network
>
> My actual rules for this:
>
> rdr xl0 200.198.106.170/32 port 21 -> 128.1.1.9 port 21
> map xl0 from 128.1.1.9/32 to any port=21 -> 200.198.106.170/32 proxy port 21 ftp/tcp
>
> And the output of http://ftptest.net
>
>
>
> Status: Resolving address of 200.198.106.170
> Status: Connecting to 200.198.106.170
> Status: Connected, waiting for welcome message
> Reply: 220 Servidor de FTP Termolar S/A
> Command: CLNT http://ftptest.net on behalf of 189.6.151.104
> Reply: 200 Don't care
> Command: USER XXXXX
> Reply: 331 Password required for XXXXX
> Command: PASS XXXXX
> Reply: 230 Logged on
> Command: FEAT
> Reply: 211-Features:
> Reply: MDTM
> Reply: REST STREAM
> Reply: SIZE
> Reply: MLST type*;size*;modify*;
> Reply: MLSD
> Reply: UTF8
> Reply: CLNT
> Reply: MFMT
> Reply: 211 End
> Command: PWD
> Reply: 257 "/" is current directory.
> Status: Current path is /
> Command: TYPE I
> Reply: 200 Type set to I
> Command: PASV
> Reply: 227 Entering Passive Mode (200,198,106,170,27,98)
> Command: MLSD
>
>
>
> -----Original Message-----
> From: Jason J. Hellenthal [mailto:[email protected]]
> Sent: Wednesday, August 12, 2009 15:37
> To: [email protected]
> Cc: Luis Henrique Machado Jr.; [email protected]
> Subject: Re: IPF and FTP Server
>
> On Wed, 12 Aug 2009 17:54:01 -0000 (UTC)
> [email protected] wrote:
>
>> > Hello! I'm having trouble getting my FileZilla FTP Server working.
>> >
>> > Scenario:
>> >
>> > FileZilla FTP server running on an XP machine (yes, it needs to be Windows)
>> >
>> > Firewall: FreeBSD 6.2-RELEASE-p9
>> >
>> > [henri...@guardian /]# ipf -V
>> > ipf: IP Filter: v4.1.13 (416)
>> > Kernel: IP Filter: v4.1.13
>> > Running: yes
>> > Log Flags: 0 = none set
>> > Default: block all, Logging: available
>> > Active list: 0
>> > Feature mask: 0x10a
>> >
>> > I'm trying to implement this rule:
>> >
>> > map xl0 128.1.1.9/32 -> 200.198.106.170/32 proxy port ftp ftp/tcp
>> >
>> > But I got this:
>> >
>> > invalid port number error at "tcp", line 5
>> >
>> > help!!
>>
>>
>> Hi Luis,
>>
>> Any luck yet?
>>
>> If I understand your desire, you want ftp connection requests from
>> the internet into the firewall to redirect to an XP machine inside
>> the firewall.
>>
>> I think you want to use the rdr command rather than map for that.
>>
>> What is your outward facing interface? I assume xl0 is inward facing.
>>
>> Give me that and I'll take a stab at a rule for you to try.
>>
>> --gene
>
> As well, are you sure that your Windows firewall is not blocking traffic to
> the FTP service?
>
> --
> Jason J. Hellenthal
> +1.616.403.8065
> [email protected]
>
>
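
An added example, not part of the original thread: it decodes the 227 reply in the ftptest.net transcript quoted above to find the data port the client connects to after PASV, and checks it against the ports being redirected. The function names are hypothetical, and `FORWARDED_PORTS` assumes only port 21 is redirected, as in the quoted rdr rule.

```python
import re

# Constructed sample: the last lines of the ftptest.net transcript quoted in
# the thread, with the "> " quote prefix removed.
TRANSCRIPT = """\
Command: TYPE I
Reply: 200 Type set to I
Command: PASV
Reply: 227 Entering Passive Mode (200,198,106,170,27,98)
Command: MLSD
"""

# Assumption: only the control port is redirected, as in the quoted rdr rule.
FORWARDED_PORTS = {21}

# RFC 959 format: 227 ... (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"\b227\b[^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")


def parse_pasv(line):
    """Return (ip, port) advertised by a 227 reply, or None for other lines."""
    match = PASV_RE.search(line)
    if match is None:
        return None
    fields = [int(f) for f in match.group(1).split(",")]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in 227 reply: %r" % line)
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]  # high byte first
    return ip, port


def unforwarded_data_ports(transcript, forwarded_ports):
    """List PASV endpoints whose port no redirect rule covers."""
    endpoints = (parse_pasv(line) for line in transcript.splitlines())
    return [ep for ep in endpoints if ep and ep[1] not in forwarded_ports]


if __name__ == "__main__":
    for ip, port in unforwarded_data_ports(TRANSCRIPT, FORWARDED_PORTS):
        print("data connection to %s:%d is not covered by a redirect" % (ip, port))
```

A port reported here has to be reachable through the firewall before the MLSD listing can transfer, either through an FTP proxy that follows the control channel or through a redirect covering the server's passive port range.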

