rdr for ftp-proxy doesn't work
Giovanni P. Tirloni
gpt at tirloni.org
Mon Feb 21 19:02:47 GMT 2005
Hi,
I've a pf.conf without any filter rules, only this one and nat:
rdr on sk0 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8021
And ftp-proxy is listening through inetd on that port:
sockstat -4l:
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     inetd      5470  4  tcp4   *:8021                *:*
inetd.conf:
ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -n
pfctl -s nat -v:
rdr on sk0 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8021
[ Evaluations: 28723 Packets: 2 Bytes: 96 States: 1 ]
uname:
FreeBSD 5.3-STABLE #0: Fri Feb 18 07:24:35 BRST 2005
When I run tcpdump on sk0 (internal interface) I see the host trying
to connect to port 21 (syn) but no packets go to the loopback interface
or any other place.
If I remove the rdr rule, the client connects and authenticates but is
unable to start an active connection, of course.
Any idea about what is causing this? Strangely enough, I've the same set of
rules on another 6 machines and it works. The
Thanks in advance,
--
Giovanni P. Tirloni