On 11/15/14, 12:13 AM, Egoitz Aurrekoetxea wrote:
Good afternoon,
I wanted to formulate a couple of questions I’m doing my self some time ago.
1 - With Linux, Iptables and mod_conntrack_ftp you can allow only connecting to
unprivileged port ranges for
ftp passive mode to ip addresses who have properly established a tcp/21 port
connection. Is this possible in
FreeBSD with ipfw?.
I believe not, though you maybe able to use nat to achieve this as it
has an ftp module. I
t requires understanding the protocol.. ipfw tries to not know about
protocols.
2.- I am a client A connecting to public ip 1.1.1.1 (for example) of host B. I
want this packets at B to be redirected to host C
but changing the source address of A from that packets with the ip address of
B. Later when B receives back the answer of C
that packets from the answer to be redirected to A changing B destination ip
address to A destination ip address. So when telnetting
from client A to host B for example to port 5000, really, to be telnetting host
C port 5000 for example and work this telnet properly from A.
The most important question is number two. Could you help me please?.
this is possibly doable with the NAT module or divert+natd.
We generally do not change the source address, but there are options
for nat for reverse nating that may help.
Best regards.
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to freebsd-ipfw-unsubscr...@freebsd.org
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to freebsd-ipfw-unsubscr...@freebsd.org
