From: Gilberto Villani Brito
To: freebsd-pf@freebsd.org
Date: Tue, 9 May 2006 10:37:31 -0300
Subject: Re: Problem with ftp-proxy
Message-ID: <20060509103731.4876913c@giboia>
In-Reply-To: <20060508201512.62715.qmail@web52912.mail.yahoo.com>

Why don't you use only this in your pf.conf??
# rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
# pass in on $ext_if inet proto tcp from port 20 to ($ext_if) user proxy flags S/SA keep state

I believe your problem is for your users using public ftp. Is it correct??

PS: This FAQ is in Portuguese: http://www.openbsd.org/faq/pf/pt/ftp.html#client

Gilberto

On Mon, 8 May 2006 13:15:12 -0700 (PDT)
Matheus Lamberti wrote:

> Hello list,
>
> Well, I have implemented a firewall with the default
> policy "block all"; I made very restrictive rules
> allowing only some connecting ports from the machines
> of my LAN.
> My problem is, the ftp-proxy is working...
> * inetd call then with my flags
> * the ftp transaction starts
> * but I can receive back the answer from the remote
>   server
>
> Below is a part of my pf.conf file ...
>
> -- start --
> # ftp-proxy
> nat-anchor "ftp-proxy/*"
> rdr-anchor "ftp-proxy/*"
> rdr pass on $if_intr proto tcp to port ftp -> 127.0.0.1 port 8021
>
> # rules
> anchor "ftp-proxy/*"
> pass out on $if_adsl proto udp from $if_adsl to any port $udp_sai keep state
> pass out on $if_adsl proto tcp from $if_adsl to any port $tcp_sai flags $flagtcp modulate state
> pass out on $if_adsl proto tcp from $if_adsl to any port $tcp_ent flags $flagtcp modulate state
> pass in on $if_adsl from any to $srv_vip modulate state
> pass in on $if_adsl from any to $if_adsl keep state
> pass out on $if_intr from any to $intrant modulate state
> pass in on $if_intr proto udp from $intrant to any port $udp_sai keep state
> pass in on $if_intr proto tcp from $intrant to any port $tcp_sai flags $flagtcp keep state
> pass in on $if_intr proto tcp from $intrant to any port $tcp_ent flags $flagtcp keep state
> pass in on $if_intr proto { tcp, udp } from $intrant to $srv_bsd port $dhcp_pt keep state
> pass in on $if_intr proto { tcp, udp } from $ip_voip to any keep state
> -- end --
>
> Matheus Lamberti de Abreu
> BSD UserID: 051370 / ICQ UIN: 58854189
>
> " Faced with the vastness of time...
>   and the immensity of the universe,
>   it is an immense pleasure for me
>   to share a planet and an epoch with you! " ( Carl Sagan )
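
Added example, not part of either message in this thread: a small Python check that reads pf.conf text and reports whether a "block all" ruleset that redirects FTP to 127.0.0.1 port 8021 also carries the `user proxy` pass rule for data connections from port 20. The sample rulesets, the `$int_if`/`$ext_if` macros in them, and the function names are constructed for illustration.

```python
import re

# Constructed rulesets; the macros and the filter rules are assumptions.
RDR = "rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021\n"
DATA = ("pass in on $ext_if inet proto tcp from port 20 to ($ext_if) \\\n"
        "    user proxy flags S/SA keep state\n")
FILTER = ("block all\n"
          "pass out on $ext_if proto tcp from ($ext_if) to any keep state\n")

REDIRECT_ONLY = RDR + FILTER
WITH_DATA_RULE = RDR + FILTER + DATA
# A leading '#' turns a pf.conf line into a comment, so these rules are inert.
COMMENTED_OUT = "# " + RDR + FILTER + "# " + DATA.replace("\\\n    ", "")


def logical_rules(text):
    """Join backslash continuations, strip comments, return token lists."""
    joined = re.sub(r"\\\n\s*", "", text)
    rules = (line.split("#", 1)[0].split() for line in joined.splitlines())
    return [tokens for tokens in rules if tokens]


def has_seq(tokens, seq):
    """True if seq occurs as a contiguous run inside tokens."""
    n = len(seq)
    return any(tokens[i:i + n] == seq for i in range(len(tokens) - n + 1))


def check_ftp_proxy(text, proxy_port="8021", proxy_user="proxy"):
    """Report whether a default-deny ruleset that redirects FTP to the
    proxy also lets the proxy accept data connections from port 20."""
    rules = logical_rules(text)
    redirect = any(r[0] == "rdr" and
                   has_seq(r, ["->", "127.0.0.1", "port", proxy_port])
                   for r in rules)
    default_deny = any(r[:2] == ["block", "all"] for r in rules)
    data_rule = any(r[:2] == ["pass", "in"] and
                    has_seq(r, ["from", "port", "20"]) and
                    has_seq(r, ["user", proxy_user])
                    for r in rules)
    return {"redirect": redirect, "default_deny": default_deny,
            "data_rule": data_rule,
            "needs_data_rule": redirect and default_deny and not data_rule}


if __name__ == "__main__":
    for name in ("REDIRECT_ONLY", "WITH_DATA_RULE", "COMMENTED_OUT"):
        print(name, check_ftp_proxy(globals()[name]))
```

The check is a text-level heuristic: it does not expand macros or evaluate rule order, so `pfctl -nf` remains the authority on whether a ruleset parses.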