[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    ftp proxy, bimap and nat (oh my!)
From:       "Wendell Schubert" <pincushion () webeworld ! com>
Date:       2000-12-22 6:34:39
[Download RAW message or body]

Do these all coexist? They used to with OpenBSD 2.6 (and whatever version of
IPF comes built in), but stopped working when I upgraded to OBSD 2.8 (with
both the built in ipf 3.3.18 and 3.4.15). All Internet services are working
(web, mail, passive ftp, etc.) except for active ftp.

For testing purposes I set my ipf.rules to allow all traffic in and out, and
left my ipnat.rules like so:
map xl0 192.168.0.0/24 -> x.x.x.x/32 proxy port ftp ftp/tcp
bimap xl0 192.168.0.5/32 -> x.x.x.x/32

I do not use the 'basic' nat rules ala:
map dc0 192.168.1.0/24 -> 24.5.0.5/32 portmap tcp/udp 10000:60000
map dc0 192.168.1.0/24 -> 24.5.0.5/32

because I do not need them with bimap (at least, I don't think I need them -
as I said, everything was working with OBSD 2.6), and it lets me stop
computers from hitting the internet by simply commenting their bimap out of
the ipnat.rules and reloading ipnat.

While troubleshooting, I did try adding the above 'basic' rules in, under
(and I tried above) the bimap rules and active FTP still didn't work. If I
remove the bimap, then active FTP works just fine.

I hope this is all clear, it's kind of late and I've been working on this
for a few days.

Thanks,
 Wendell

[prev in list] [next in list] [prev in thread] [next in thread]