ftp-proxy question
Matthew Grooms
mgrooms at seton.org
Wed May 18 09:36:10 PDT 2005
Fai,
Thanks for your reply. When you use the -n flag with ftp-proxy, the
client opens data connections directly to an ftp server. For this to
happen, you must have a rule that allows internal clients access to
anything on the internet because you can't tell what port the server
will select for a data connection. I am not able to do this for
political reasons.
Has anyone tested ftp-proxy using PASV ftp data connections without the
-n switch lately? It states at the bottom of the man page that it won't
handle EPSV but alludes to the fact that it will handle PASV connections.
Active connections work fine for me but passive data connections just
hang ...
Here are the rules from pf.conf ...
rdr on $if_int proto tcp from any to any port 21 -> lo0 port 8021
pass in quick log on $if_int proto tcp from any to lo0 port 8021 keep state
pass in quick log on $if_ext proto tcp from any to $if_ext port > 49152 keep state
And here is my entry in inetd.conf ....
ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -V -D 3
-Matthew
Fai wrote:
> My setup is follow this site (mine is FreeBSD 5.3 + pf)
> http://www.aei.ca/~pmatulis/pub/obsd_ftp.html
>
> it seems that some option of the ftp-proxy is wrong
>
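As an added illustration (not from this thread or from ftp-proxy itself): the proxy, or in -n mode the client, only learns the server's data port by parsing the 227 reply on the control channel, which is why no pass rule can name that port in advance; the EPSV form, which the man page quoted above says ftp-proxy does not handle, carries the port differently. The sample replies are constructed.

```python
import re

# Constructed sample replies as an FTP server would send them on the control channel.
PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,195,88)."
EPSV_REPLY = "229 Entering Extended Passive Mode (|||50021|)"

# RFC 959 PASV reply: (h1,h2,h3,h4,p1,p2), port = p1*256 + p2
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# RFC 2428 EPSV reply: (|||port|), address implied from the control connection
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d+)\|\)")


def parse_pasv(reply):
    """Return (host, port) announced in a 227 PASV reply."""
    m = PASV_RE.match(reply)
    if not m:
        raise ValueError("not a PASV reply: %r" % reply)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("PASV reply has a byte out of range: %r" % reply)
    h1, h2, h3, h4, p1, p2 = fields
    return ("%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2)


def parse_epsv(reply):
    """Return the port announced in a 229 EPSV reply."""
    m = EPSV_RE.match(reply)
    if not m:
        raise ValueError("not an EPSV reply: %r" % reply)
    return int(m.group(1))


def data_endpoint(reply, proxy_handles_epsv=False):
    """Work out where the passive data connection will go.

    Returns ("pasv", host, port) for a 227 reply.  For a 229 reply the port
    is returned with host None; if the proxy cannot handle EPSV (the case
    for the ftp-proxy discussed in the thread) a ValueError is raised instead,
    which is the point at which a passive transfer would hang or be refused.
    """
    if reply.startswith("227"):
        host, port = parse_pasv(reply)
        return ("pasv", host, port)
    if reply.startswith("229"):
        if not proxy_handles_epsv:
            raise ValueError("EPSV reply seen but proxy does not handle EPSV")
        return ("epsv", None, parse_epsv(reply))
    raise ValueError("not a passive-mode reply: %r" % reply)
```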