Working pf ftp configurations
wishmaster
artemrts at ukr.net
Tue Oct 20 07:35:27 UTC 2015
--- Original message ---
From: "David Mehler" <dave.mehler at gmail.com>
Date: 20 October 2015, 03:47:52
> Hello,
>
> If anyone is using freebsd 10 I suppose, pf, and using a system as an
> ftp client or using the system to protect jails or other systems on a
> network, providing them ftp access to the net, via ftp-proxy can you
> share your configurations? What I've got is not working, initially I
> had a single system that wouldn't allow an ls ona remote ftp server, I
> then added in some jails for other reasons, tried them, and they do
> the same, can connect can log in, can not do ls or anything else. The
> original system/gateway/jail holding box, does run ftp-proxy it is
> showing up on 127.0.0.1 port 8021.
My system maintains a lot of jails with VIMAGE. FTP server inside jail. Rules in the base system like below:
pass in quick on $ext_if from any to $jail port 39000-40000 keep-state
vsftpd inside jail has directives:
pasv_min_port=39000
pasv_max_port=40000
This above for the passive ftp.
I do not like ftp-proxy ;-)
---
Vitaliy
More information about the freebsd-pf
mailing list