Problems with pf + ftp-proxy on gateway
Matthew Seaman
m.seaman at infracaninophile.co.uk
Tue Mar 28 19:39:30 UTC 2006
Peter wrote:
> --- Renato Botelho <rbgarga at gmail.com> wrote:
>
>> I'm trying to use pf + ftp-proxy on a 6.1-PRERELEASE machine.
>>
>> I have this line in inetd.conf:
>>
>> ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -n
>>
>> And these lines in pf.conf:
>>
>> rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port ftp-proxy
>> pass in quick on $ext_if inet proto tcp from any port ftp-data to $ext_if:0 user proxy flags S/SA keep state
>>
>> When one machine inside my network (e.g. 192.168.x.x) connects to an
>> external ftp server (e.g. ftp.FreeBSD.org), data connection doesn't
>> work.
>>
>> The connection comes to my firewall and is accepted, but the connection is not
>> established and stays like this:
>>
>> self tcp 200.x.x.x:57625 <- 200.x.x.x:20 ESTABLISHED:FIN_WAIT_2
>
> You need to decide whether you are working with passive ftp clients
> (probably), active, or both.

Or use the ftp/pftpx port, which handles proxying all types of active and
passive FTP. That's the successor to ftp-proxy(8) due to be released
shortly as part of OpenBSD 3.9, and documented at:

http://www.openbsd.org/cgi-bin/man.cgi?query=ftp-proxy&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

Cheers,

Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
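
Why the active/passive distinction matters to a proxy on a NAT gateway, as an added example that is not part of the original thread and is not code from ftp-proxy or pftpx: the data endpoint travels inside the FTP control channel, so the proxy has to recognise and rewrite it. The sketch goes beyond the thread by also covering the RFC 2428 EPRT/EPSV forms; function names and all addresses are constructed for illustration.

```python
import re

# Control-channel messages that carry a data endpoint (RFC 959, RFC 2428).
_PORT = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)
_PASV = re.compile(r"^227 .*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
_EPRT = re.compile(r"^EPRT (.)(\d)\1([^ ]+?)\1(\d+)\1\s*$", re.I)
_EPSV = re.compile(r"^229 .*\((.)\1\1(\d+)\1\)")

# Constructed sample lines (not taken from the thread).
SAMPLE = [
    "PORT 192,168,1,10,225,25",                        # active, private address
    "227 Entering Passive Mode (203,0,113,5,195,80)",  # passive reply
    "EPRT |1|192.168.1.10|57625|",                     # extended active
    "229 Entering Extended Passive Mode (|||50000|)",  # extended passive
]


def parse_data_endpoint(line):
    """Return (mode, host, port) if the line names a data endpoint, else None.
    host is None for a 229 reply (data goes to the control-connection host)."""
    m = _PORT.match(line) or _PASV.match(line)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed octet or port byte
        mode = "active" if line[:4].upper() == "PORT" else "passive"
        return mode, ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = _EPRT.match(line)
    if m:
        return "active", m.group(3), int(m.group(4))
    m = _EPSV.match(line)
    if m:
        return "passive", None, int(m.group(2))
    return None


def rewrite_port(line, public_ip, public_port):
    """Rewrite a client's PORT command so the server connects back to the
    gateway's public address instead of an unroutable private one."""
    if not _PORT.match(line) or parse_data_endpoint(line) is None:
        return line  # not a well-formed PORT command: pass through unchanged
    hi, lo = divmod(public_port, 256)
    return "PORT " + ",".join(public_ip.split(".") + [str(hi), str(lo)])


if __name__ == "__main__":
    for s in SAMPLE:
        print(s, "->", parse_data_endpoint(s))
    print(rewrite_port(SAMPLE[0], "203.0.113.1", 57625))
```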