transparent proxy ftp mode
vsavichev at wesleyan.edu
vsavichev at wesleyan.edu
Fri Mar 25 01:49:47 PST 2005
hi,
we have pf and couple of ip aliases on the $ext_if. pf NAT's the connections
out in round-robin fasion, pf let's the clients out through statefull
rules Recently, we switched to the transparent proxy mode in squid-pf conf
pf.conf>
rdr on $int_if inet proto tcp from any to {!192.168.0.0/24} port \
{ 80, 8080, 8101 } -> 127.0.0.1 port 3128
ok, there is small problem then we try to download someth. in browser
from ftp sites, reply is:
passive ftp connection must come from same host active control connection
does it says, i have to use ftp-proxy as well or should I lock somehow
ftp related connects to predefined ip, I'm not sure if i express it
correctly.
thanks, vlad
More information about the freebsd-pf
mailing list