netbsd-users: IPFilter and passive FTP Servers

Subject: IPFilter and passive FTP Servers
To: None <netbsd-users@netbsd.org>
From: Sam Carleton <sam@linux-info.net>
List: netbsd-users
Date: 11/26/2002 09:44:55

Folks,

I have installed wu-ftp on a machine behine the NetBSD firewall.  I have
configured wu-ftp to use ports 15000 through 19999 for passive FTP.  Now
I need to figure out how to configure the firewall.  I believe I have
the ipf.conf config correct:

pass in quick on iy0 proto tcp from any to 192.168.0.5/32 port 15000 >< 20000 flags S keep state

I am trying to figure out how to configure ipnat.conf.  The best I can figure is:

rdr iy0 0/0 port 26000:31999 -> 192.168.0.5 port 26000:31999 tcp

But am concerned about trying it considering I am currently 100 miles from the
firewall:)

Is my guess correct?  If not, could some straigten me out?

Sam