From: "Redd Vinylene"
To: questions@freebsd.org, jail@freebsd.org, pf@freebsd.org
Date: Fri, 3 Oct 2008 11:11:57 +0200
Subject: Jail, pf and ftpd: Connection refused

Greetings ladies and gentlemen!

Why does the below pf.conf (run from box1) give me "getpeername(control_sock): Transport endpoint is not connected, Socket error (Connection refused) - reconnecting" when trying to log onto box3 via passive FTP?

Active FTP gives me "425 Can't build data connection: Connection refused."

(box2 and box3 are jails running off box1)

-

root@box1# cat /etc/pf.conf

box1 = "80.203.2.2"
box2 = "80.203.2.3"
box3 = "{ 80.203.2.4 [...] 80.203.2.127 }"

ext_if = "rl0"

set block-policy return
set skip on { lo0 }

scrub in

pass out keep state
block in

pass in on $ext_if inet proto tcp from any to any port { 22 } keep state
pass in on $ext_if inet proto tcp from any to $box2 port { 25, 53, 80, 110 } keep state
pass in on $ext_if inet proto udp from any to $box2 port 53 keep state
pass in on $ext_if inet proto tcp from any to $box3 port { 20, 21, 113 } keep state
pass in on $ext_if inet proto icmp from any to any keep state

-

root@box3# cat /etc/inetd.conf

ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l

-

I hope I've been verbose enough.

Thank you!

-- 
http://www.home.no/reddvinylene