From: novocaine@free.fr
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Using authpf
Date: Thu, 16 Sep 2004 03:54:53 -0000
X-Original-Date: Fri, 24 Oct 2003 17:32:02 +0200
Message-ID: <1067009522.3f9945f26f90e@imp1-a.free.fr>

First, I'd like to thank all the contributors of the port of pf to FreeBSD.

I am trying to use authpf on -CURRENT, without success so far. I'd like to
enable ftp access for user "os" using authpf.

In /usr/local/etc/pf.conf, I have:

    ...
    set block-policy return
    set loginterface $ext_if
    scrub in all
    nat-anchor authpf
    rdr-anchor authpf
    binat-anchor authpf
    anchor authpf in on $ext_if

I have an empty file /usr/local/etc/authpf/authpf.conf and
/usr/local/etc/authpf/users/os/authpf.rules reads

    $ext_if="tun0"
    pass in quick on $ext_if proto tcp from $user_ip to any port http

I also tried to set /usr/local/sbin/authpf as os' shell (as described in
authpf(8)) but it doesn't seem to work. I had to add authpf to /etc/shells.

Am I doing something wrong?

Thanks,
- Olivier
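
A preflight check for the setup described in this message, added here as an example (it is not part of the original post or of the pf port). It verifies the anchors, files, /etc/shells entry and login shell the message mentions, and flags macro definitions written with a leading `$`, which pf.conf(5) macro syntax does not use; the function name `authpf_preflight` and its root-directory argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: checks the authpf prerequisites named in the message.
# Usage: authpf_preflight ROOT USER   (ROOT is "/" on a live system, or a
# constructed directory tree for testing). Returns the number of problems.

authpf_preflight() {
    root=${1%/} user=$2 problems=0
    etc="$root/usr/local/etc"
    shell=/usr/local/sbin/authpf
    rules="$etc/authpf/users/$user/authpf.rules"

    note() { echo "authpf: $*"; problems=$((problems + 1)); }

    # The four anchor attachment points quoted from pf.conf in the message.
    for a in nat-anchor rdr-anchor binat-anchor anchor; do
        grep -Eq "^[[:space:]]*$a[[:space:]]+authpf([[:space:]]|\$)" \
            "$etc/pf.conf" 2>/dev/null || note "pf.conf has no '$a authpf' line"
    done

    # The message keeps authpf.conf empty; this check only requires it to exist.
    [ -f "$etc/authpf/authpf.conf" ] || note "missing $etc/authpf/authpf.conf"
    [ -r "$rules" ] || note "missing $rules"

    # pf.conf(5): a macro is defined as name="value"; '$' only expands it.
    if [ -r "$rules" ] &&
        grep -Eq '^[[:space:]]*\$[A-Za-z_][A-Za-z0-9_]*[[:space:]]*=' "$rules"
    then
        note "$rules defines a macro with a leading '\$'"
    fi

    grep -Fxq "$shell" "$root/etc/shells" 2>/dev/null ||
        note "$shell is not listed in /etc/shells"

    # Field 7 of passwd(5) is the login shell.
    login=$(awk -F: -v u="$user" '$1 == u { print $7 }' \
        "$root/etc/passwd" 2>/dev/null) || login=
    [ "$login" = "$shell" ] || note "login shell of $user is not $shell"

    return "$problems"
}
```
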