Hi,
I have an FTP server behind an IPF / IPNAT firewall. I'm trying to get inbound passive FTP to work. (Outbound is no problem.)
To keep things simple I've opened up IPF completely to start with:
ipf.conf:

    pass in from any to any flags S keep state keep frags
    pass out from any to any keep state

And then for IPNAT I have the following rules:

    map ex0 10.1.1.0/24 -> $EXT_IP/32 proxy port ftp ftp/tcp
    map ex0 10.1.1.0/24 -> $EXT_IP/32 portmap tcp/udp 1023:60000
    map ex0 10.1.1.0/24 -> $EXT_IP/32

    rdr ex0 $EXT_IP/32 port 20 -> 10.1.1.10 port 20 tcp #FTP
    rdr ex0 $EXT_IP/32 port 21 -> 10.1.1.10 port 21 tcp #FTP
Unfortunately, this only allows for active FTP.
I can get it to work by adding the following rule, right after the map rules:

    bimap ex0 10.1.1.10/32 -> $EXT_IP/32

Unfortunately, this will take all ports of the external machine, and I do have to redirect some other ports to other machines (e.g. the HTTP server is on another machine), so this is not working for me.
Any suggestions are greatly appreciated.
Louis