OK, then try:

rdr xl1 0/0 port 21 -> 200.198.106.170/32 port 21

or

rdr xl1 0/32 port 21 -> 200.198.106.170/32 port 21

I'm not able to check my firewall right now and I'm on NetBSD 5+ with a newer version of ipf, but I don't think the rdr syntax has changed that much...

> I got only 0/0 supported error at "32"
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On behalf of [email protected]
> Sent: Thursday, August 13, 2009 11:04
> To: Luis Henrique Machado Jr.
> Cc: [email protected]
> Subject: Re: IPF and FTP Server
>
> OK.
>
> For incoming connections, I think you want:
> assuming your outward facing IP address is x.y.z.p
> rdr xl1 x.y.z.p/32 port 21 -> 200.198.106.170/32 port 21
>
> I think that's all you need.
>
> You cannot combine the two rules below because "first match wins"
> as I understand it, and the second rule is never reached.
>
> Check to make sure Windows firewall is either disabled or allows
> ftp...you probably already have done this, but that is one thing
> that could mess this up.
>
>> I have no firewall on WinXP
>>
>> Xl0 is my internal interface
>>
>> |INTERNET| ---- (xl1) Firewall (xl0) ----- My Network
>>
>> My actual rules for this:
>>
>> rdr xl0 200.198.106.170/32 port 21 -> 128.1.1.9 port 21
>> map xl0 from 128.1.1.9/32 to any port=21 -> 200.198.106.170/32 proxy port 21 ftp/tcp
>>
>> And the output of http://ftptest.net
>>
>> Status: Resolving address of 200.198.106.170
>> Status: Connecting to 200.198.106.170
>> Status: Connected, waiting for welcome message
>> Reply: 220 Servidor de FTP Termolar S/A
>> Command: CLNT http://ftptest.net on behalf of 189.6.151.104
>> Reply: 200 Don't care
>> Command: USER XXXXX
>> Reply: 331 Password required for XXXXX
>> Command: PASS XXXXX
>> Reply: 230 Logged on
>> Command: FEAT
>> Reply: 211-Features:
>> Reply: MDTM
>> Reply: REST STREAM
>> Reply: SIZE
>> Reply: MLST type*;size*;modify*;
>> Reply: MLSD
>> Reply: UTF8
>> Reply: CLNT
>> Reply: MFMT
>> Reply: 211 End
>> Command: PWD
>> Reply: 257 "/" is current directory.
>> Status: Current path is /
>> Command: TYPE I
>> Reply: 200 Type set to I
>> Command: PASV
>> Reply: 227 Entering Passive Mode (200,198,106,170,27,98)
>> Command: MLSD
>>
>> -----Original Message-----
>> From: Jason J. Hellenthal [mailto:[email protected]]
>> Sent: Wednesday, August 12, 2009 15:37
>> To: [email protected]
>> Cc: Luis Henrique Machado Jr.; [email protected]
>> Subject: Re: IPF and FTP Server
>>
>> On Wed, 12 Aug 2009 17:54:01 -0000 (UTC)
>> [email protected] wrote:
>>
>>> > Hello! I'm having trouble getting my Filezilla FTP Server working.
>>> >
>>> > Scenario:
>>> >
>>> > FileZilla FTP server running on an XP machine (Yes, it needs to be Windows)
>>> >
>>> > Firewall: FreeBSD 6.2-RELEASE-p9
>>> >
>>> > [henri...@guardian /]# ipf -V
>>> >
>>> > ipf: IP Filter: v4.1.13 (416)
>>> >
>>> > Kernel: IP Filter: v4.1.13
>>> >
>>> > Running: yes
>>> >
>>> > Log Flags: 0 = none set
>>> >
>>> > Default: block all, Logging: available
>>> >
>>> > Active list: 0
>>> >
>>> > Feature mask: 0x10a
>>> >
>>> > I'm trying to implement this rule:
>>> >
>>> > map xl0 128.1.1.9/32 -> 200.198.106.170/32 proxy port ftp ftp/tcp
>>> >
>>> > But I got this:
>>> >
>>> > invalid port number error at "tcp", line 5
>>> >
>>> > help!!
>>>
>>> Hi Luis,
>>>
>>> Any luck yet?
>>>
>>> If I understand your desire, you want ftp connection requests from
>>> the internet into the firewall to redirect to an XP machine inside
>>> the firewall.
>>>
>>> I think you want to use the rdr command rather than map for that.
>>>
>>> What is your outward facing interface? I assume xl0 is inward facing.
>>>
>>> Give me that and I'll take a stab at a rule for you to try.
