Subject: Re: help internal ftp server
To: vattini giacomo <hazzino@yahoo.it>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: netbsd-help
Date: 01/15/2005 19:06:40

On Sat, Jan 15, 2005 at 07:36:53AM +0100, vattini giacomo wrote:
> hi all i searched in google for a while but no results
> occurred to me so it's time to write. I got this
> problem i got a netbsd 2.0 ipf dhcpd server and i
> installed an internal anonymous ftp under openbsd3.6
> the ftp server is ok inside the lan, but if i want to
> connect from the outside through the inside it doesn't
> work. Those are my settings
> 
> /etc/ipf.conf
> pass in  from any to any
> pass out  from any to any 
> pass in quick proto tcp from any to 192.168.0.0/24 port > 1023 flags S keep state

You'll probably want port ftp too, but see below.

> pass out proto tcp all keep state
> 
> /etc/ipnat.conf
> map pppoe0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp mssclamp 1452
> map pppoe0 192.168.0.0/24 -> 0/32 portmap tcp/udp 40000:60000 mssclamp 1452
> map pppoe0 192.168.0.0/24 -> 0/32 mssclamp 1452
> rdr pppoe0 0.0.0.0/32 port 21 -> 192.168.0.2 port 21
> 
> ok i read somewhere that the line rdr should have been
> at the first line, but i don't know if it's right
> thanks in advance for any help.

ftp is a protocol that causes problems, because it uses dynamic ports for the
data connection. I'm not sure it's possible to redirect it on a NAT gateway.
I'm not sure ipnat has the necessary functionality to redirect an ftp
session from the outside to the inside. Any single-port protocol (e.g. http,
ssh, smtp, ...) can be redirected fine.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 years of experience will always make the difference
--
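
The dynamic data port mentioned in the reply above, shown as an added example that is not part of the original thread: a passive-mode FTP server answers `PASV` with a `227` line carrying its own address and a freshly chosen port, so redirecting port 21 alone leaves the data connection uncovered. The sample reply and the public address 203.0.113.10 are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# RFC 959 reply to PASV: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: what a server at 192.168.0.2 would send on the control channel.
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,0,2,195,80)"


def parse_pasv(reply):
    """Return (address, port) advertised for the data connection."""
    m = PASV_RE.match(reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]


def data_channel_problems(reply, redirected_ports):
    """List the reasons an outside client cannot open the data connection."""
    host, port = parse_pasv(reply)
    problems = []
    if any(host in net for net in RFC1918):
        problems.append(f"advertised address {host} is RFC 1918, unreachable from outside")
    if port not in redirected_ports:
        problems.append(f"data port {port} is not redirected to the inside server")
    return problems


def rewrite_pasv(reply, public_ip):
    """What an FTP-aware gateway has to do: advertise the public address instead."""
    _, port = parse_pasv(reply)
    h = str(ipaddress.IPv4Address(public_ip)).replace(".", ",")
    return f"227 Entering Passive Mode ({h},{port >> 8},{port & 0xFF})"


if __name__ == "__main__":
    print(parse_pasv(SAMPLE_REPLY))
    for p in data_channel_problems(SAMPLE_REPLY, {21}):
        print("problem:", p)
    print(rewrite_pasv(SAMPLE_REPLY, "203.0.113.10"))
```

With only port 21 redirected, both checks fail for the sample reply; they pass once the reply is rewritten and the advertised data port is also forwarded to the inside server.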