 
 From:  "Matt Breitbach" <matthewb at flash dot shanje dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Forwarding all FTP services to one system
 Date:  Tue, 24 Jan 2006 13:26:04 -0600
We've run into an issue that we can't figure out.

We want to port forward all of our FTP traffic to one system, no matter what 
hostname someone enters for their connection (i.e., they connect to boo.com 
instead of ftp.boo.com).

We are a webhosting company, so this will all be inbound traffic.  Our 
current setup is a m0n0wall system, bridging to our public network.

I see that there are options to do this with NAT, but we aren't trying to 
forward to the NAT network.

Our current config is listed below - any ideas on how we can get this 
accomplished? BTW, the version we are currently running is 1.2b10.


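  <?xml version="1.0" ?>
  <!-- m0n0wall configuration export as posted. The "-" collapse markers left by
       the browser's XML viewer have been dropped and nesting is shown by
       indentation; element values are unchanged. "Review:" comments mark points
       a defender should check. -->
  <m0n0wall>
    <version>1.5</version>
    <system>
      <!-- Values shown as "Annonymized" were redacted by the poster. A config
           export carries the admin credentials and the SNMP community, so scrub
           it before sharing. -->
      <hostname>Annonymized</hostname>
      <domain>Annonymized</domain>
      <username>Annonymized</username>
      <password>Annonymized</password>
      <timezone>America/Chicago</timezone>
      <time-update-interval>300</time-update-interval>
      <timeservers>pool.ntp.org</timeservers>
      <!-- Review: the web GUI is served over plain HTTP, so the admin login
           crosses the network unencrypted; https is the safer setting. -->
      <webgui>
        <protocol>http</protocol>
        <port />
        <certificate />
        <private-key />
      </webgui>
      <dnsserver>Annonymized</dnsserver>
      <dnsserver>Annonymized</dnsserver>
    </system>
    <interfaces>
      <lan>
        <if>rl0</if>
        <ipaddr>10.0.0.253</ipaddr>
        <subnet>24</subnet>
      </lan>
      <wan>
        <if>fxp1</if>
        <mtu />
        <blockpriv />
        <spoofmac />
        <ipaddr>216.51.x.x</ipaddr>
        <subnet>24</subnet>
        <gateway>216.51.x.x</gateway>
      </wan>
      <!-- OPT1 has no address of its own and is bridged to WAN; the hosted
           servers sit behind it on the public /24. -->
      <opt1>
        <if>fxp0</if>
        <descr>OPT1</descr>
        <ipaddr />
        <subnet>31</subnet>
        <bridge>wan</bridge>
        <enable />
      </opt1>
    </interfaces>
    <staticroutes />
    <pppoe />
    <pptp />
    <bigpond />
    <dyndns>
      <type>dyndns</type>
      <username />
      <password />
      <host />
      <mx />
    </dyndns>
    <dhcpd>
      <lan>
        <range>
          <from>10.0.0.0</from>
          <to>10.0.0.250</to>
        </range>
        <defaultleasetime />
        <maxleasetime />
      </lan>
    </dhcpd>
    <pptpd>
      <mode />
      <redir />
      <localip />
      <remoteip />
    </pptpd>
    <dnsmasq />
    <!-- SNMP agent enabled. A read-only community is a shared secret that SNMP
         v1/v2c sends in clear text; confirm which hosts are able to query it. -->
    <snmpd>
      <syslocation>Annonymized</syslocation>
      <syscontact>Annonymized</syscontact>
      <rocommunity>Annonymized</rocommunity>
      <enable />
    </snmpd>
    <diag>
      <ipv6nat>
        <ipaddr />
      </ipv6nat>
    </diag>
    <!-- filteringbridge is set, so the filter rules below are applied to traffic
         crossing the WAN/OPT1 bridge. -->
    <bridge>
      <filteringbridge />
    </bridge>
    <syslog>
      <nentries>50</nentries>
      <remoteserver>216.51.x.x</remoteserver>
      <filter />
      <system />
    </syslog>
    <nat>
      <advancedoutbound />
    </nat>
    <!-- m0n0wall applies the first rule that matches and drops traffic that
         matches no rule. Most WAN pass rules below use the whole (masked) /24 as
         destination, so each listed port is reachable on every bridged host,
         not only on the server that offers the service. -->
    <filter>
      <rule>
        <type>pass</type>
        <interface>wan</interface>
        <protocol>tcp</protocol>
        <source>
          <any />
        </source>
        <destination>
          <address>216.51.x.x/24</address>
          <port>80</port>
        </destination>
        <descr>HTTP passthrough</descr>
      </rule>
      <rule>
        <type>pass</type>
        <interface>wan</interface>
        <protocol>tcp</protocol>
        <source>
          <any />
        </source>
        <destination>
          <address>216.51.x.x/24</address>
          <port>25</port>
        </destination>
        <descr>SMTP</descr>
      </rule>
      <rule>
        <type>pass</type>
        <interface>wan</interface>
        <protocol>icmp</protocol>
        <source>
          <any />
        </source>
        <destination>
          <address>216.51.x.x/24</address>
        </destination>
        <descr>ICMP</descr>
      </rule>
      <!-- Review: remote-control service (both PCAnyWhere rules) open to any
           source; limit the source the way the port 22 rules further down do. -->
      <rule>
        <type>pass</type>
        <interface>wan</interface>
        <protocol>tcp</protocol>
        <source>
          <any />
        </source>
        <destination>
          <address>216.51.x.x/24</address>
          <port>5631</port>
        </destination>
        <descr>PCAnyWhere</descr>
      </rule>
      <rule>
        <type>pass</type>
        <interface>wan</interface>
        <protocol>udp</protocol>
        <source>
          <any />
        </source>
        <destination>
          <address>216.51.x.x/24</address>
          <port>5632</port>
        </destination>
        <descr>PCAnyWhere</descr>
      </rule>
      <rule>
        <type>pass</type>
        <interface>wan</interface>
        <protocol>tcp</protocol>
        <source>
          <any />
        </source>
        <destination>
          <address>216.51.x.x/24</address>
          <port>110</port>
        </destination>
        <descr>POP3</descr>
      </rule>
      <rule>
        <type>pass</type>
        <interface>wan</interface>
        <protocol>tcp</protocol>
        <source>
          <any />
        </source>
        <destination>
          <address>216.51.x.x/24</address>
          <port>443</port>
        </destination>
        <descr>HTTPS</descr>
      </rule>
      <!-- FTP control (21) and the passive data range (2000-2010) are allowed to
           every address in the /24. A pass rule only permits traffic; it does
           not change where a connection lands. Narrowing the destination to the
           FTP server would stop FTP from reaching the other hosts. -->
      <rule>
        <type>pass</type>
        <interface>wan</interface>
        <protocol>tcp</protocol>
        <source>
          <any />
        </source>
        <destination>
          <address>216.51.x.x/24</address>
          <port>21</port>
        </destination>
        <descr>FTP</descr>
      </rule>
      <rule>
        <type>pass</type>
        <interface>wan</interface>
        <protocol>tcp</protocol>
        <source>
          <any />
        </source>
        <destination>
          <address>216.51.x.x/24</address>
          <port>2000-2010</port>
        </destination>
        <descr>FTP Passive Mode</descr>
      </rule>
      <rule>
        <type>pass</type>
        <interface>wan</interface>
        <protocol>tcp/udp</protocol>
        <source>
          <any />
        </source>
        <destination>
          <address>216.51.x.x/24</address>
          <port>53</port>
        </destination>
        <descr>DNS</descr>
      </rule>
      <!-- Review: database ports (MSSQL and MySQL rules) open to any source on
           every host in the /24. Restrict the source to known client addresses,
           or reach the databases over a VPN or SSH tunnel. -->
      <rule>
        <type>pass</type>
        <interface>wan</interface>
        <protocol>tcp/udp</protocol>
        <source>
          <any />
        </source>
        <destination>
          <address>216.51.x.x/24</address>
          <port>1433-1434</port>
        </destination>
        <descr>MSSQL</descr>
      </rule>
      <rule>
        <type>pass</type>
        <interface>wan</interface>
        <protocol>tcp/udp</protocol>
        <source>
          <any />
        </source>
        <destination>
          <address>216.51.x.x/24</address>
          <port>3306</port>
        </destination>
        <descr>MySQL</descr>
      </rule>
      <!-- No <protocol> element: every protocol and port is passed from this one
           source host to the whole /24. -->
      <rule>
        <type>pass</type>
        <interface>wan</interface>
        <source>
          <address>216.51.x.x</address>
        </source>
        <destination>
          <address>216.51.x.x/24</address>
        </destination>
        <descr>WS114 allow</descr>
      </rule>
      <rule>
        <type>pass</type>
        <interface>wan</interface>
        <protocol>tcp/udp</protocol>
        <source>
          <any />
        </source>
        <destination>
          <address>216.51.x.x</address>
          <port>6277</port>
        </destination>
        <descr>DCC filter</descr>
      </rule>
      <rule>
        <type>pass</type>
        <interface>wan</interface>
        <protocol>tcp/udp</protocol>
        <source>
          <any />
        </source>
        <destination>
          <address>216.51.x.x</address>
          <port>8090</port>
        </destination>
        <descr>WhatsUpGold</descr>
      </rule>
      <rule>
        <type>pass</type>
        <interface>wan</interface>
        <protocol>tcp/udp</protocol>
        <source>
          <any />
        </source>
        <destination>
          <address>216.51.x.x/24</address>
          <port>27000-27040</port>
        </destination>
        <descr>CounterStrikeSource</descr>
      </rule>
      <!-- Port 22 is limited to named source addresses in the next two rules.
           SSH runs over TCP only, so tcp/udp is wider than needed. -->
      <rule>
        <type>pass</type>
        <interface>wan</interface>
        <protocol>tcp/udp</protocol>
        <source>
          <address>216.51.x.x</address>
        </source>
        <destination>
          <address>216.51.x.x/24</address>
          <port>22</port>
        </destination>
        <descr>Annonymized</descr>
      </rule>
      <rule>
        <type>pass</type>
        <interface>wan</interface>
        <protocol>tcp/udp</protocol>
        <source>
          <address>12.206.x.x</address>
        </source>
        <destination>
          <address>216.51.x.x/24</address>
          <port>22</port>
        </destination>
        <descr>Annonymized</descr>
      </rule>
      <!-- No <protocol> element here either: all traffic from this source host
           to the /24 is passed. -->
      <rule>
        <type>pass</type>
        <interface>wan</interface>
        <source>
          <address>216.51.x.x</address>
        </source>
        <destination>
          <address>216.51.x.x/24</address>
        </destination>
        <descr>Annonymized</descr>
      </rule>
      <!-- Review: the two block rules sit after the broad /24 pass rules. With
           first-match evaluation they only pre-empt the pass rules that follow
           them; if the switch addresses (masked here) fall inside the /24, the
           earlier pass rules still reach the switches. Placing the block rules
           first would make them effective. -->
      <rule>
        <type>block</type>
        <interface>wan</interface>
        <source>
          <any />
        </source>
        <destination>
          <address>216.51.x.x</address>
        </destination>
        <descr>Block rule for Ethernet Switches</descr>
      </rule>
      <rule>
        <type>block</type>
        <interface>wan</interface>
        <source>
          <any />
        </source>
        <destination>
          <address>216.51.x.x</address>
        </destination>
        <descr>Block rule for Ethernet Switches</descr>
      </rule>
      <!-- Destination is "any": these ports are passed to every address
           reachable through the bridge. -->
      <rule>
        <type>pass</type>
        <interface>wan</interface>
        <protocol>tcp/udp</protocol>
        <source>
          <any />
        </source>
        <destination>
          <any />
          <port>8767-8768</port>
        </destination>
        <descr>Teamspeak pass</descr>
      </rule>
      <rule>
        <type>pass</type>
        <interface>wan</interface>
        <protocol>tcp</protocol>
        <source>
          <any />
        </source>
        <destination>
          <address>216.51.x.x</address>
          <port>3784</port>
        </destination>
        <descr>Ventrilo pass</descr>
      </rule>
      <!-- OPT1 (server side): all TCP/UDP and ICMP leaving the hosted servers is
           allowed. Egress limits would reduce what a compromised server can
           reach. -->
      <rule>
        <type>pass</type>
        <interface>opt1</interface>
        <protocol>tcp/udp</protocol>
        <source>
          <any />
        </source>
        <destination>
          <any />
        </destination>
        <descr>server-side outbound</descr>
      </rule>
      <rule>
        <type>pass</type>
        <interface>opt1</interface>
        <protocol>icmp</protocol>
        <source>
          <any />
        </source>
        <destination>
          <any />
        </destination>
        <descr>server-side outbound ICMP</descr>
      </rule>
      <rule>
        <type>pass</type>
        <interface>lan</interface>
        <source>
          <any />
        </source>
        <destination>
          <any />
        </destination>
        <descr>Default LAN -> any</descr>
      </rule>
    </filter>
    <shaper />
    <ipsec />
    <aliases />
    <proxyarp />
    <wol />
    <lastchange>1138129911</lastchange>
  </m0n0wall>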