FTP Client and IPFilter
Kevin Kinsey
kdk at daleco.biz
Sat Feb 19 18:58:07 PST 2005
crzdgns1 at starpower.net wrote:
>Hello,
>
>This is a slightly longer post and I am not sure if it belongs
>here or in freebsd-questions. If it belongs in
>freebsd-questions, please let me know and I will post it
>there. Now then...
>
>
The list charter is at:
http://lists.freebsd.org/mailman/listinfo/freebsd-newbies
>I think I am beginning to accept the fact that I can't read,
>so I'll just state that condition from the beginning. I have
>installed FreeBSD-5.3-RELEASE and use IPFilter as my firewall.
>
>I have only one machine, with a cable modem connection to the
>internet. I have been following the directions in the
>Handbook, or so I thought, until yesterday. Yesterday I
>posted a message here titled something like "Which FTP do I
>have?" and received many helpful replies. Thank you! My FTP
>client still doesn't work and the reason it doesn't work is, I
>believe, I didn't follow the directions, which I discovered
>upon further reading of the handbook last night.
>
>My questions for today are mostly for clarification of what is
>written in the handbook, starting at section 24.5.18, Enabling
>IPNAT. I do not currently have IPNAT enabled. Given that I
>am a homeuser with only one machine, must I have IPNAT enabled
>for FTP to work properly? The ipf.rules in the handbook seem
>to indicate so, but I would appreciate confirmation.
>
>
I wouldn't think so. No network, no _N_etwork _A_ddress
_T_ranslation should be necessary.
Keep in mind (although it's maybe a big assumption on
my part), that in that particular example the machine is
serving as a gateway...
> Secondly, the first rule in section 24.5.18 enables the
> computer as a gateway. I was under the impression that it is
> wisest not to use this rule unless you genuinely intend to use
> the machine in question as a gateway. Am I correct? If so,
> can I leave the first rule out and just include the second and
> third rules and still expect the IPNAT FTP proxy to function?
>
> Thirdly, I am trying to follow the directions, believe it or
> not. Assume for the moment that I use all three rules listed
> in 24.5.18 of the handbook. Since I have only one computer,
> can I then skip directly to section 24.5.21.1, IPNAT Rules,
> add the three rules there, and then have a reasonable
> expectation that FTP will work properly from behind my
> firewall? Again, I am using the ipf.rules listed in the handbook.
>
> Thanks,
>
> Mark
I had a rather lengthy interspersed reply, then I realized
that because I had a bad encounter with someone today,
I was writing as if I would take it out on you. That would be
wrong, although it's occasionally seen on the lists.
I'd suggest you send a detailed mail to questions@ at with
your ruleset and a description of what's happening (e.g., I
did this, *this*, and then **this**, and _this_, __this__, and
then ___this___ happened, but my result differed from
what I expected in {{this way}} .... )
Does FTP work properly without your firewall? Have
you attempted to turn passive mode off during the FTP
session? That's a rather common reason that FTP clients
have trouble with firewalls, and AFAIK it's mentioned in
that same chapter....
Kevin Kinsey