From: Axel Scheepers (ascheepesurf.iae.nl)
Date: Sat Jul 07 2001 - 08:32:47 CDT


    Hi everybody,
    I hope I'm not being really off topic with this one but
    it's been troubling me for a while now.
    I'm looking for a way to provide access to an ftpserver, my current
    network layout looks like this:

    Cable Modem ------> Gateway ---------> http/ftp server
                                                    |
                                                    |
                                                    +------------> private http/ftp/sql server
                                                    |
                                                    |
                                                    +------------> my workstation

    The gateway does natd and ipf since the other servers have private
    addresses. The problem now is that whenever I connect to my
    ftp servers from the outside, the server is unable to set up a
    data connection, because it wants to connect on a port > 1024, which
    is blocked by my firewall (and I want to leave it that way).
    Natd does the following:
    natd -redirect_port tcp 192.168.0.5:20 20 -redirect_port 192.168.0.5:21 21
    which redirects the traffic to my public ftp server.

    As I see it there can be 2 problems with this setup;
    1) The server wants to initiate the data connection at a port > 1024 and/or
    2) The server still somehow reports 192.168.0.5 as its address to the clients.

    I have tried to connect with the option passive is off, which I thought
    should force the server to stay on port 21 for the data connection, but
    it didn't work. :(
    Can/will somebody help on getting this done the proper way?
    I just want to use ipfilter, if possible, and I don't like to install
    a ftp proxy for this.

    Greetings,
    Axel Scheepers

    Unix System Administrator
    VIA NET.WORKS Nederland
    http://www.vianetworks.nl
    ascheepersvianetworks.nl

    To Unsubscribe: send mail to majordomoFreeBSD.org
    with "unsubscribe freebsd-security" in the body of the message