ftp-proxy question
Matthew Grooms
mgrooms at seton.org
Wed May 18 07:56:25 PDT 2005
I am having problems passing passive ftp traffic via ftp-proxy. Active
connections work fine. I tried using the -n flag: the control connection
doesn't translate the server address, so the client attempts to make the
control channel connection itself. Unfortunately I can't open up blanket
access outbound for whatever random port the ftp server chooses. Does
ftp-proxy only handle active connections?
Here are the rules from pf.conf ...
rdr on $if_int proto tcp from any to any port 21 -> lo0 port 8021
pass in quick log on $if_int proto tcp from any to lo0 port 8021 keep state
pass in quick log on $if_ext proto tcp from any to $if_ext port > 49152 keep state
And here is my entry in inetd.conf ....
ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -V -D 3
BTW: I haven't seen a single entry in /var/log/messages even with the
-D and -V options specified. Did I not specify this correctly or is
ftp-proxy just broken in this regard?
Thanks in advance,
-Matthew