
Re: God, do I hate to ask another FTP question.



It seems that I am never clear enough when I post. (Mostly because at that 
point I am frustrated, I'm sure)

This is the basic net diagram

192.168.35.2 <-----> 192.168.35.3/24.27.15.12 <--- Internet ---> 24.242.137.194/192.168.30.2 <---> 192.168.30.17
Linux                BSD VPN Gate                                BSD VPN Gate                      HP/UX

There are many more nodes, but this is representative.

So everything else works, telnet, ping, etc ... from backend to backend. My 
understanding of the ftp-proxy is that it is for outgoing connections only.

And like I said, I can turn the firewall rules off and ftp directly to the 
outside of one gateway from the inside of another. (from 192.168.35.2 to 
24.242.137.194 for example). Turning off the pf rules and not the nat rules 
has no effect.

This is what I have in the nat.conf

nat on de0 from 192.168.30.0/24 to any -> de0
rdr on de1 from any to any port 21 -> 127.0.0.1 port 8081

de0 is outside and de1 is inside.

Thanks again


At 04:56 PM 3/26/2002 -0800, David S. wrote:

> >
> >       I really hate to bring this issue up. But I have read so many emails on it
> > that I am confused. I set up FTP proxy as per the man page and now I can
> > FTP from the private addresses to any public address. What I can't do
> > (nor can I find a solution for) is FTP from any inside address to another
> > node's inside addresses.
>
>Do you mean that your client on a NAT-ed network can't contact an FTP
>server on some other NAT-ed network?  If you can indeed reach public
>FTP servers, then you probably have your proxy configured properly.
>That would indicate the problem lies on the other network's NAT-ing
>gateway.  Search through the mailing list archives for information on
>how to set up an FTP server behind a NAT-ing gateway.
>
>If you want to FTP from your NAT-ed host to some arbitrary host on
>another NAT-ed network, you're probably going to have to set up a tunnel,
>so the networks can communicate "directly".  See the man pages for gre(4),
>gif(4), ipsec(4), ...
>
>
>David S.

--
Vides Credendo!
Nick Gray
Senior Network Engineer
Bruzenak inc.
nagray@bruzenak.com