Thread: Port Forwarding FTP with NATD

  1. #1
    Senior Member
    Join Date
    May 2001
    Posts
    411

    Port Forwarding FTP with NATD

    I'm using NATD and IPFW on my FreeBSD 4.7 gateway box. I can get port 80 to forward to an inside PC but can't get the FTP port (21) to forward. I tried forwarding both port 20 and 21 but to no avail.

    The following lines are in my /etc/rc.conf file:

    natd_flags="-redirect_port tcp 192.168.0.2:21 21"
    natd_flags="-redirect_port tcp 192.168.0.2:80 80"

    Otherwise, my firewall, NATD, and IPFW seem to work fine. Any suggestions?

  2. #2

    Re:Port Forwarding FTP with NATD

    Make sure you're forwarding port 20 and the client is set to active mode. I would think that passive mode would work anyway though since the server connects to a port on the client for data transfer. (Be sure the client doesn't have a firewall blocking ports above 1024 though if using passive mode.)

  3. #3
    Senior Member
    Join Date
    May 2001
    Posts
    411

    Re:Port Forwarding FTP with NATD

    [quote author=Grand Aardvark Kenshi link=board=10;threadid=6214;start=0#58812 date=1043801620]
    Make sure you're forwarding port 20 and the client is set to active mode. I would think that passive mode would work anyway though since the server connects to a port on the client for data transfer. (Be sure the client doesn't have a firewall blocking ports above 1024 though if using passive mode.)
    [/quote]

    Tried that...and then tried it again. With the FTP server (Pure-FTPD) running on the gateway box, I get the gateway's FTP server from the FTP client (in active or passive mode). If I shut down the gateway FTP server, the FTP ports are closed and I don't get anything. The FTP server on the inside PC (ProFTPD) is definitely up and accepting anonymous logins. Must be some other little trick I'm missing here.

  4. #4
    Senior Member
    Join Date
    May 2001
    Posts
    411

    Re:Port Forwarding FTP with NATD

    Ta da! The solution is that you cannot have two natd_flags lines in the rc.conf file as I have shown. I discovered this when I ran ps -ax and saw that the port 80 forward command was executed but not the port 21 command. Actually, what probably happens is that in the sequential execution of the lines in rc.conf, the second natd_flags overwrites the first one.

    You can combine more than one -redirect_port command into the same string like so:

    natd_flags="-redirect_port tcp 192.168.0.2:21 21 -redirect_port tcp 192.168.0.2:80 80"

    With the two natd_flags lines, only the second one was being invoked (i.e., port 80 was getting redirected but not port 21).

    There is no need to forward any other port to make FTP port forwarding work (i.e., you do not need to forward port 20).
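
The overwrite described in post #4, as an added example that is not part of the original thread: rc.conf is read as sh variable assignments, so a repeated variable keeps only its last value, and a forwarding rule can silently disappear. The function names `dup_vars` and `effective_value` are hypothetical, and the sample file is constructed from the two lines in post #1 plus an assumed `natd_enable` line.

```shell
#!/bin/sh
# Added example: find rc.conf variables that are assigned more than once
# and show which value survives. Helper names are hypothetical.

# dup_vars FILE: print each variable name assigned more than once in FILE.
dup_vars() {
    sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$1" | sort | uniq -d
}

# effective_value FILE VAR: print the value VAR holds after FILE is sourced.
# FILE is sourced in a subshell, the same way sh would read it, so only
# point this at configuration files you already trust to be executed.
effective_value() {
    ( . "$1" >/dev/null 2>&1; eval "printf '%s\n' \"\${$2}\"" )
}

# Constructed sample: the two natd_flags lines from post #1.
sample=$(mktemp "${TMPDIR:-/tmp}/rcconf.XXXXXX")
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
natd_enable="YES"
natd_flags="-redirect_port tcp 192.168.0.2:21 21"
natd_flags="-redirect_port tcp 192.168.0.2:80 80"
EOF

# Report every duplicated variable with the value that actually takes effect.
for v in $(dup_vars "$sample"); do
    echo "$v is assigned more than once; effective value: $(effective_value "$sample" "$v")"
done
```

Run against a copy of the real /etc/rc.conf, any name this prints is a setting where an earlier line is being discarded.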

  5. #5

    Re:Port Forwarding FTP with NATD

    Oh, duh. I should've spotted that myself. One of those little things...
