[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: God, do I hate to ask another FTP question.
It seems that I am never clear enough when I post. (Mostly because at that
point I am frustrated, I'm sure)
This is the basic net diagram
Linux BSD VPN Gate BSD VPN
There are many more nodes, but this is representative.
So everything else works, telnet, ping, etc ... from backend to backend. My
understanding of the ftp-proxy is that it is for outgoing connections only.
and like I said I can turn the firewall rules off and ftp directly to the
outside of one gateway from the inside of another. (from 192.168.35.2 to
18.104.22.168 for example). Turning off the pf rules and not the nat rules
has no effect.
This is what I have in the nat.conf
nat on de0 from 192.168.30.0/24 to any -> de0
rdr on de1 from any to any port 21 -> 127.0.0.1 port 8081
de0 is outside and de1 is inside.
At 04:56 PM 3/26/2002 -0800, David S. wrote:
> > I really hate to bring this issue up. But I have read so many
> emails on it
> > that I am confused. I set up FTP proxy as per the man page and now I can
> > FTP from the the private addresses to any public address. What I can't do
> > (nor can I find a solution for) Is FTP from any inside address to another
> > nodes inside addresses.
>Do you mean that your client on a NAT-ed network can't contact an FTP
>server on some other NAT-ed network? If you can indeed reach public
>FTP servers, then you probably have your proxy configured properly.
>That would indicate the problem lies on the other networks NAT-ing
>gateway. Search through the mailing list archives for information on
>how to set up an FTP server behind a NAT-ing gateway.
>If you want to FTP from your NAT-ed host to some arbitrary host on
>another NAT-ed network, you're probably going to have to set up a tunnel,
>so the networks can communicate "directly". See the man pages for gre(4),
>gif(4), ipsec(4), ...
Senior Network Engineer