
ftp-server behind a fw



Hi.

I've set up an old Pentium with OpenBSD 2.9 as a firewall for a friend
(ADSL, with DHCP-assigned IP). Everything seems to work, except one thing.
My friend wants to run an ftp-server on a computer behind the firewall.
I thought this could be done with ipnat. I wrote a "rdr ne3 0/32 port
21 -> 192.168.1.40 port 21 tcp" and let traffic pass on port 21 on
interface ne3 on the firewall.

Of course this didn't work, at all. Any suggestions?

Regards Johan Axelsson

-


These are the complete ipf.rules and ipnat.rules:

<ipnat.rules>

map ne3 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp

map ne3 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:60000
map ne3 192.168.1.0/24 -> 0/32

rdr ne3 0/32 port 21 -> 192.168.1.40 port 21 tcp

<ipf.rules>

# Loopback
pass out quick on lo0 from any to any
pass in quick on lo0 from any to any

# drop itsy bitsy frags
block in quick proto tcp all with short

# drop source routed packets
block in quick on ne3 all with opt lsrr
block in quick on ne3 all with opt ssrr

#ne3 (outside)
#SSH
pass in quick on ne3 proto tcp from any to any port = 22 flags S keep state

#FTP
pass in quick on ne3 proto tcp from any to any port = 21 flags S keep state

#Default block ne3
block return-rst in quick on ne3 proto tcp from any to any
block return-icmp-as-dest(port-unr) in quick on ne3 proto udp from any to any
block in quick on ne3 proto icmp from any to any
block in quick on ne3 from any to any

#Out
pass out quick on ne3 proto tcp from any to any flags S keep state
pass out quick on ne3 proto udp from any to any keep state
pass out quick on ne3 proto icmp from any to any keep state

#xl0 (inside)
pass in quick on xl0 proto tcp from any to any flags S keep state
pass in quick on xl0 proto udp from any to any keep state
pass in quick on xl0 proto icmp from any to any keep state

pass out quick on xl0 proto tcp from any to any flags S keep state
pass out quick on xl0 proto udp from any to any keep state
pass out quick on xl0 proto icmp from any to any keep state