Re: Forward ftp request another server

From: Seth Arnold (sarnold@wirex.com)
Date: 07/15/02


Date: Sun, 14 Jul 2002 19:23:20 -0700
From: Seth Arnold <sarnold@wirex.com>
To: SpaceWalker <spacewalker@altern.org>


On Sun, Jul 14, 2002 at 03:33:27PM +0200, SpaceWalker wrote:
> I'm using ipnat from ipfilter on my solaris box, with these rules :
>
> map ppp0 192.168.1.0/24 -> 0.0.0.0/32
> map ppp0 192.168.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
>
> but the ftp proxy doesn't work as expected. Only passive sessions are
> accepted, and that's quite anoying because some windows programs (like
> norton AV) doesn't let you the choice of using PASV mode. Comments
> are welcome.

SpaceWalker, when I used ipfilter on my OpenBSD machine (quite some time
ago, so things may have changed :) I discovered that the proxy port ftp
ftp/tcp line must be _before_ the general NAT line. Reverse the order of
the two lines, reload, and try again. :)

-- 
http://immunix.org/




Relevant Pages

  • ipfilter ipf.conf on solaris 10 problems
    ... I am having problems moving from SunScreen 3.2 from Solaris 9 to ipfilter as ... pass in quick on dmfe0 proto icmp from any to 1.1.1.40/32 icmp-type 11 ...
    (SunManagers)
  • Re: Solaris 10 - ARG!
    ... solaris 10's SVC. ... shows no ipfilter, yet another command to start the pfil server... ... restart pfil, no errors. ...
    (comp.unix.solaris)
  • Re: Wrt54G is a FW appliance?
    ... >> You've been told more than once already that Sun ship and support IPFilter ... >> You could try claiming that Sun and Solaris are somehow 'unproven'...... ... Sun ships IPFilter *on* Solaris as *standard*. ...
    (comp.security.firewalls)
  • Re: Filtering out P2P traffic
    ... You may be interesed in Snort and Snortsam ... In an educational institution I use Solaris 10 on the gateway between ... Is possible to block P2P traffic with the IPFilter included in Solaris ...
    (Focus-SUN)
  • Solaris 10 - ARG!
    ... I've admin'ed solaris for a little while - I'm trying hard not flame ... along with ipnat (ipfilter). ... not working for a while a co-worker says to use routeadm. ... svcadm restart pfil, no errors. ...
    (comp.unix.solaris)