[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ftp'ing and nat'ing

To: misc@openbsd.org
Subject: ftp'ing and nat'ing
From: Casey <casey@amaonline.com>
Date: Fri, 1 Mar 2002 15:47:50 +0000
Recieved: from a computer on the internet

Hi all, after reading the faq's concerning ftp and nat I still cannot get ftp 
to work in active mode.  rl0 is my internal int, and fxp0 is my external int.

I can get passive mode to work like a champ, but the problem is, I must 
access an ftp server which does not support passive mode transfers from a 
machine that is inside my network. 

I hope that someone can point out what I am missing.  Thank you.

tail inetd.conf reads:
#kauth          stream  tcp     nowait  root    /usr/libexec/kauthd     kauthd
# Encrypted X connections
#kx             stream  tcp     nowait  root    /usr/X11R6/bin/kxd      kxd
# RPC based services
rstatd/1-3      dgram   rpc/udp wait    root    /usr/libexec/rpc.rstatd 
rpc.rstatd
rusersd/1-3     dgram   rpc/udp wait    root    /usr/libexec/rpc.rusersd 
rpc.rusersd
#walld/1        dgram   rpc/udp wait    root    /usr/libexec/rpc.rwalld 
rpc.rwalld
#sprayd/1       dgram   rpc/udp wait    root    /usr/libexec/rpc.sprayd 
rpc.sprayd
#rquotad/1      dgram   rpc/udp wait    root    /usr/libexec/rpc.rquotad 
rpc.rquotad
8081            stream  tcp     nowait  root    /usr/libexec/ftp-proxy 
ftp-proxy


Here is my pf.conf:
#       $OpenBSD: pf.conf,v 1.2 2001/06/26 22:58:31 smart Exp $
#
# See pf.conf(5) for syntax and examples
 
 
scrub in all
 
block in quick on fxp0 inet from { 127.0.0.0/8, 192.168.0.0/16, 
172.16.0.0/12, 10.0.0.0/8 } to any
 
block out quick on fxp0 inet from any to {127.0.0.0/8, 192.168.0.0/16, 
172.16.0.0/12, 10.0.0.0/8 }
 
block in log quick on fxp0 from any to any
 
pass out on rl0 from any to any keep state
 
pass out on fxp0 from any to any keep state
 
pass in on rl0 from any to any
 
pass out all

and here is my nat.conf:

#       $OpenBSD: nat.conf,v 1.4 2001/07/09 23:20:46 millert Exp $
#
# See nat.conf(5) for syntax and examples
#
# replace ext0 with external interface name, 10.0.0.0/8 with internal network
# and 192.168.1.1 with external address
#
# nat: packets going out through ext0 with source address 10.0.0.0/8 will get
# translated as coming from 192.168.1.1. a state is created for such packets,
# and incoming packets will be redirected to the internal address.
 
# nat on ext0 from 10.0.0.0/8 to any -> 192.168.1.1
 
# rdr: packets coming in through ext0 with destination 192.168.1.1:1234 will
# be redirected to 10.1.1.1:5678. a state is created for such packets, and
# outgoing packets will be translated as coming from the external address.
 
nat on fxp0 from 192.168.0.0/16 to any -> fxp0
 
rdr on fxp0 proto tcp from any to any port 21 -> 127.0.0.1 port 8081
 
Final note, I noticed that on some examples, instead of the external int 
being used, the internal was used, but when I use the internal, my ftp access 
dies.


--

Prev by Date: nofiles(descriptors) > 1024?
Next by Date: Re: ld_preload
Prev by thread: nofiles(descriptors) > 1024?
Next by thread: locking Starting system
Index(es):
- Date
- Thread