Best way to do FTP with NAT and firewall?

Brett Glass (brettlariat.org)
Fri, 17 Sep 1999 09:16:11 -0600

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Brett Glass: "Re: Securing a system that's been rooted remotely"
• Previous message: Michael Grommet: "RE: BPF on in 3.3-RC GENERIC kernel"
• Next in thread: Guy Helmer: "Re: Best way to do FTP with NAT and firewall?"
• Reply: Guy Helmer: "Re: Best way to do FTP with NAT and firewall?"
• Reply: John Howie: "Re: Best way to do FTP with NAT and firewall?"
• Reply: Eivind Eklund: "Re: Best way to do FTP with NAT and firewall?"

I've just set up a firewall for a client using ipfw and natd. Trouble is, his software seems to be particularly insistent on doing active, rather than passive, FTP. This poses a problem, of course, because a remote system can't open just data sockets to one behind the firewall due to NAT.

I've worked with plenty of commercial firewalls that monitor FTP control connections and spoof the port number for the data sockets. SLiRP does it; so, apparently, does the pppd that comes with FreeBSD. But I can't find any documented way to do it with ipfw and natd.

Are there undocumented commands to accomplish this?

--Brett

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: Brett Glass: "Re: Securing a system that's been rooted remotely"
• Previous message: Michael Grommet: "RE: BPF on in 3.3-RC GENERIC kernel"
• Next in thread: Guy Helmer: "Re: Best way to do FTP with NAT and firewall?"
• Reply: Guy Helmer: "Re: Best way to do FTP with NAT and firewall?"
• Reply: John Howie: "Re: Best way to do FTP with NAT and firewall?"
• Reply: Eivind Eklund: "Re: Best way to do FTP with NAT and firewall?"

This archive was generated by hypermail 2.0b3 on Fri Sep 17 1999 - 10:14:57 CDT