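We've run into an issue that we can't figure out. We want to port forward all of our FTP traffic to one system, no matter what someone enters for their connection (ie - they connect to boo.com instead of ftp.boo.com). We are a webhosting company, so this will all be inbound traffic. Our current setup is a m0n0wall system, bridging to our public network. I see that there are options to do this with NAT, but we aren't trying to forward to the NAT network. Our current config is listed below - any ideas on how we can get this accomplished? BTW - current version we are running is 1.2b10

<?xml version="1.0" ?>
<!-- m0n0wall config as posted, restored to one element per line. The "-"
     tree-toggle markers left by the browser's XML view were removed; every
     element and value is as the poster gave it ("Annonymized" and "x.x"
     are the poster's own redactions). -->
<m0n0wall>
  <!-- Presumably the config-file format version, not the 1.2b10 firmware
       version mentioned in the post. -->
  <version>1.5</version>
  <system>
    <hostname>Annonymized</hostname>
    <domain>Annonymized</domain>
    <username>Annonymized</username>
    <password>Annonymized</password>
    <timezone>America/Chicago</timezone>
    <time-update-interval>300</time-update-interval>
    <timeservers>pool.ntp.org</timeservers>
    <!-- NOTE(review): the admin webGUI is served over plain HTTP with no
         certificate configured, so the admin login crosses the network
         unencrypted. Prefer https and keep the GUI reachable only from
         the LAN side. -->
    <webgui>
      <protocol>http</protocol>
      <port />
      <certificate />
      <private-key />
    </webgui>
    <dnsserver>Annonymized</dnsserver>
    <dnsserver>Annonymized</dnsserver>
  </system>
  <interfaces>
    <lan>
      <if>rl0</if>
      <ipaddr>10.0.0.253</ipaddr>
      <subnet>24</subnet>
    </lan>
    <wan>
      <if>fxp1</if>
      <mtu />
      <blockpriv />
      <spoofmac />
      <ipaddr>216.51.x.x</ipaddr>
      <subnet>24</subnet>
      <gateway>216.51.x.x</gateway>
    </wan>
    <!-- OPT1 is bridged to WAN: the hosted servers sit on this segment
         with their public addresses, so traffic to them is filtered
         rather than translated. -->
    <opt1>
      <if>fxp0</if>
      <descr>OPT1</descr>
      <ipaddr />
      <subnet>31</subnet>
      <bridge>wan</bridge>
      <enable />
    </opt1>
  </interfaces>
  <staticroutes />
  <pppoe />
  <pptp />
  <bigpond />
  <dyndns>
    <type>dyndns</type>
    <username />
    <password />
    <host />
    <mx />
  </dyndns>
  <dhcpd>
    <lan>
      <!-- NOTE(review): the range starts at 10.0.0.0, which is the
           network address of the 10.0.0.253/24 LAN and not a usable
           host address. -->
      <range>
        <from>10.0.0.0</from>
        <to>10.0.0.250</to>
      </range>
      <defaultleasetime />
      <maxleasetime />
    </lan>
  </dhcpd>
  <pptpd>
    <mode />
    <redir />
    <localip />
    <remoteip />
  </pptpd>
  <dnsmasq />
  <!-- NOTE(review): SNMP is enabled with a read-only community string.
       A community string travels in cleartext and acts as a shared
       password; keep it non-default and confirm that SNMP is reachable
       only from management hosts. -->
  <snmpd>
    <syslocation>Annonymized</syslocation>
    <syscontact>Annonymized</syscontact>
    <rocommunity>Annonymized</rocommunity>
    <enable />
  </snmpd>
  <diag>
    <ipv6nat>
      <ipaddr />
    </ipv6nat>
  </diag>
  <!-- Presumably turns on the filtering bridge, so the WAN rules below
       are applied to traffic crossing the WAN/OPT1 bridge. Confirm in
       the webGUI. -->
  <bridge>
    <filteringbridge />
  </bridge>
  <syslog>
    <nentries>50</nentries>
    <remoteserver>216.51.x.x</remoteserver>
    <filter />
    <system />
  </syslog>
  <nat>
    <advancedoutbound />
  </nat>
  <!-- Filter rules. m0n0wall applies the first matching rule per
       interface, so order matters. Most WAN pass rules below accept any
       source and target the whole /24, i.e. every hosted machine, not a
       single server per service. -->
  <filter>
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>216.51.x.x/24</address>
        <port>80</port>
      </destination>
      <descr>HTTP passthrough</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>216.51.x.x/24</address>
        <port>25</port>
      </destination>
      <descr>SMTP</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>icmp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>216.51.x.x/24</address>
      </destination>
      <descr>ICMP</descr>
    </rule>
    <!-- NOTE(review): the two PCAnyWhere rules expose a remote-control
         service on every host in the /24 to any source. Restrict them to
         known administrator addresses, as the port 22 rules further down
         already do. -->
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>216.51.x.x/24</address>
        <port>5631</port>
      </destination>
      <descr>PCAnyWhere</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>udp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>216.51.x.x/24</address>
        <port>5632</port>
      </destination>
      <descr>PCAnyWhere</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>216.51.x.x/24</address>
        <port>110</port>
      </destination>
      <descr>POP3</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>216.51.x.x/24</address>
        <port>443</port>
      </destination>
      <descr>HTTPS</descr>
    </rule>
    <!-- The two FTP rules (control port 21 and passive ports 2000-2010)
         currently admit FTP to every address in the /24. FTP carries
         credentials in cleartext; narrowing the destination to the one
         intended FTP host would also reduce exposure. -->
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>216.51.x.x/24</address>
        <port>21</port>
      </destination>
      <descr>FTP</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>216.51.x.x/24</address>
        <port>2000-2010</port>
      </destination>
      <descr>FTP Passive Mode</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp/udp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>216.51.x.x/24</address>
        <port>53</port>
      </destination>
      <descr>DNS</descr>
    </rule>
    <!-- NOTE(review): the MSSQL and MySQL rules open database listeners
         on every host in the /24 to any source. Database ports facing
         the whole Internet invite password guessing; limit the source to
         the addresses that genuinely need direct database access. -->
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp/udp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>216.51.x.x/24</address>
        <port>1433-1434</port>
      </destination>
      <descr>MSSQL</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp/udp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>216.51.x.x/24</address>
        <port>3306</port>
      </destination>
      <descr>MySQL</descr>
    </rule>
    <!-- No protocol element: this rule passes all protocols from the one
         source address to the whole /24. -->
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <source>
        <address>216.51.x.x</address>
      </source>
      <destination>
        <address>216.51.x.x/24</address>
      </destination>
      <descr>WS114 allow</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp/udp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>216.51.x.x</address>
        <port>6277</port>
      </destination>
      <descr>DCC filter</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp/udp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>216.51.x.x</address>
        <port>8090</port>
      </destination>
      <descr>WhatsUpGold</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp/udp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>216.51.x.x/24</address>
        <port>27000-27040</port>
      </destination>
      <descr>CounterStrikeSource</descr>
    </rule>
    <!-- Port 22 is passed only from two specific source addresses; this
         source-restricted form is the pattern to reuse for the other
         administrative and database ports. -->
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp/udp</protocol>
      <source>
        <address>216.51.x.x</address>
      </source>
      <destination>
        <address>216.51.x.x/24</address>
        <port>22</port>
      </destination>
      <descr>Annonymized</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp/udp</protocol>
      <source>
        <address>12.206.x.x</address>
      </source>
      <destination>
        <address>216.51.x.x/24</address>
        <port>22</port>
      </destination>
      <descr>Annonymized</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <source>
        <address>216.51.x.x</address>
      </source>
      <destination>
        <address>216.51.x.x/24</address>
      </destination>
      <descr>Annonymized</descr>
    </rule>
    <!-- NOTE(review): these two block rules come after the /24-wide pass
         rules. With first-match evaluation, traffic already accepted
         above (HTTP, HTTPS, FTP and so on) never reaches them. If the
         switch addresses fall inside that /24 (they are redacted here,
         so this cannot be confirmed), the blocks need to sit above the
         pass rules to be effective. -->
    <rule>
      <type>block</type>
      <interface>wan</interface>
      <source>
        <any />
      </source>
      <destination>
        <address>216.51.x.x</address>
      </destination>
      <descr>Block rule for Ethernet Switches</descr>
    </rule>
    <rule>
      <type>block</type>
      <interface>wan</interface>
      <source>
        <any />
      </source>
      <destination>
        <address>216.51.x.x</address>
      </destination>
      <descr>Block rule for Ethernet Switches</descr>
    </rule>
    <!-- Destination is "any" here, unlike the other game and voice
         rules, which name a host or the /24. -->
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp/udp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <any />
        <port>8767-8768</port>
      </destination>
      <descr>Teamspeak pass</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>216.51.x.x</address>
        <port>3784</port>
      </destination>
      <descr>Ventrilo pass</descr>
    </rule>
    <!-- Egress from the server segment is unrestricted for TCP, UDP and
         ICMP. Limiting outbound traffic to what the servers need makes
         it harder for a compromised host to reach arbitrary
         destinations. -->
    <rule>
      <type>pass</type>
      <interface>opt1</interface>
      <protocol>tcp/udp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <any />
      </destination>
      <descr>server-side outbound</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>opt1</interface>
      <protocol>icmp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <any />
      </destination>
      <descr>server-side outbound ICMP</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>lan</interface>
      <source>
        <any />
      </source>
      <destination>
        <any />
      </destination>
      <descr>Default LAN -> any</descr>
    </rule>
  </filter>
  <shaper />
  <ipsec />
  <aliases />
  <proxyarp />
  <wol />
  <lastchange>1138129911</lastchange>
</m0n0wall>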