
ipf and/or ipnat question



Hello all,

I am running ipf and ipnat to protect four servers. On three of the machines I would only want a limited number of places to be allowed to ftp in; the other machine runs anonymous ftp, so I thought I should have ipf.rules set up like this:
pass in quick on fxp0 proto tcp/udp from any to 206.9.120.200 port = 21

In ipnat.rules I have:
map fxp0 192.168.1.10/32 -> 206.9.120.200/32 proxy port ftp ftp/tcp

and later on in ipnat:
rdr fxp0 206.9.120.200/32 port 80 -> 192.168.1.10 port 80
rdr fxp0 206.9.120.200/32 port 22 -> 192.168.1.10 port 22
rdr fxp0 206.9.120.200/32 port ftp-data -> 192.168.1.10  port ftp-data
rdr fxp0 206.9.120.200/32 port ftp      -> 192.168.1.10  port ftp

But when I try to connect, I get logged in, but when I do an ls I get:
ftp> ls
200 PORT command successful.
425 Can't build data connection: Connection refused.

Any suggestions?

--ja




