Subject: Re: Redirecting a port
To: Mikael K <mickek@myrealbox.com>
From: Axel Scheepers <axel@axel.truedestiny.net>
List: netbsd-help
Date: 05/05/2002 15:32:59
Hi Mikael,

Ftp uses a bit more than port 21, try redirecting ports 20 and 49152-65535 
also. 49152-65535 are the values ftp uses by default, you can change them
to a smaller window if you like using sysctl, should be something like:
sysctl -w net.inet.ip.portrange.hifirst=lower_bound
sysctl -w net.inet.ip.portrange.hilast=upper_bound

Gr,

--
Axel Scheepers
UNIX System Administrator

email: axel@axel.truedestiny.net
       a.scheepers@iae.nl
http://axel.truedestiny.net/~axel
------------------------------------------
"The first rule of magic is simple.  Don't waste your time waving your
hands and hoping when a rock or a club will do."
                -- McCloctnik the Lucid
------------------------------------------

On Sun, May 05, 2002 at 12:35:51AM +0200, Mikael K wrote:
> Hello!
> 
> I've been trying to redirect a port on my NetBSD gateway to my Windows ftp
> server. The gateway works fine except for this and I've been trying to
> fix this for days and I'm feeling very lost. I'll try to include as much
> information as I can. If there is anything I've not included that could give you
> a hint, please tell. Does anyone have any good links, been looking through
> the NetBSD's documentation a lot but don't find any clues to what I've
> done wrong.
> 
> 
>   -----------        --------         -----   ----------------
>  | dsl modem |- ne2 | NetBSD | fxp0 -| hub |-| Win ftp server |
>   -----------        --------         -----   ----------------
>                                         | desktop machines
> 
> # ifconfig ne2
> 
> ne2: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         address: 00:50:ba:a6:4b:b1
>         media: Ethernet autoselect (10baseT)
>         inet 208.217.73.43 netmask 0xffffff00 broadcast 208.217.73.255
>         inet6 fe80::250:baff:fea6:4bb1%ne2 prefixlen 64 scopeid 0x2
> 
> # ifconfig fxp0
> 
> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         address: 00:a0:c9:43:e9:e5
>         media: Ethernet autoselect (10baseT)
>         status: active
>         inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
>         inet6 fe80::2a0:c9ff:fe43:e9e5%fxp0 prefixlen 64 scopeid 0x1
> 
> # sysctl -w net.inet.ip.forwarding
> net.inet.ip.forwarding = 1
> 
> in /etc/ipnat.conf
> map ne2 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp 
> map ne2 192.168.0.0/24 -> 0/32 portmap tcp/udp 40000:60000
> map ne2 192.168.0.0/24 -> 0/32
> 
> #redirection to my ftp server
> rdr ne2 0.0.0.0/0 port 21 -> 192.168.0.2 port 21 tcp
> 
> in /etc/ipf.conf
> pass in all
> pass out all
> 
> in /etc/rc.conf
> 
> ipfilter=YES                #Stateful firewall
> ipnat=YES                   #Network Address Translation
> ipmon=YES                   #Firewall logging
> ipmon_flags="-Dsn"
> 
> 
> Thank you in advance
> Mikael Karlsson
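
An added example, not part of the original thread: a small Python check of an FTP server's passive-mode (227) reply, showing why a redirect of port 21 alone is not enough for the data connection. The function names, the sample replies and the assumption that the gateway redirects 49152-65535 and does not rewrite the address in the reply are mine.

```python
import ipaddress
import re

# Assumption: the gateway redirects this window to the FTP server (the
# default 49152-65535 range mentioned in the reply above).
REDIRECTED = range(49152, 65536)

# A 227 reply carries the data endpoint as (h1,h2,h3,h4,p1,p2).
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(line):
    """Return (ip, port) from an FTP 227 reply, or None if it is not one."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]   # port = p1 * 256 + p2

def check_pasv(line, redirected=REDIRECTED):
    """List reasons an outside client could not open the data connection."""
    parsed = parse_pasv(line)
    if parsed is None:
        return ["not a valid 227 reply"]
    ip, port = parsed
    problems = []
    if ip.is_private:
        problems.append(f"server advertises private address {ip}")
    if port not in redirected:
        problems.append(f"data port {port} is outside the redirected range")
    return problems

if __name__ == "__main__":
    # Constructed sample replies, as seen by a client on the outside.
    samples = [
        "227 Entering Passive Mode (192,168,0,2,4,15)",
        "227 Entering Passive Mode (208,217,73,43,200,10)",
    ]
    for reply in samples:
        print(reply, "->", check_pasv(reply) or "ok")
```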