From: "Gilberto Villani Brito"
To: "FreeBSD (PF)"
Date: Fri, 1 Jun 2007 16:09:05 -0300
Subject: Re: Problem to access FTP server
Message-ID: <6e6841490706011209t589558c1xfa49cd0a663f8ea3@mail.gmail.com>
List-Id: "Technical discussion and general questions about packet filter (pf)"

On 31/05/07, Mahabub Basha wrote:
> Hi all,
>
> I am a newbie for freebsd. I am using freebsd 6.1. I have some problem to
> access ftp server through external ip behind a pf firewall.
>
> I can access my ftp server through active mode, but not working in passive
> mode.
>
> My ruleset file is in the following:
>
> ======================================================================
> pf.conf
> ======================================================================
> lan = "port2"
> wan = "port1"
>
> # User BiNAT Rules
> binat on $wan from 10.0.0.10 to any -> 172.16.1.10
>
> # User RDR Rules
> rdr on $wan from any to 172.16.1.10 -> 10.0.0.10
>
> # User Filter Rules
> pass all
>
> ======================================================================
>
> My lan ip address is 10.0.0.10 and my wan ip is 172.16.1.10
>
> I just put above three rules. And run my ftp server using inetd.
>
> I used core-ftp client in windows xp to connect my ftp server machine, in
> active mode it's working fine.
>
> But in passive mode it's not working.
>
> Before I asked this problem here, I read the following links and tried out the
> same, but it's not working.
>
> ======================================================================
> http://www.openbsd.org/faq/pf/ftp.html
>
> http://article.gmane.org/gmane.os.freebsd.devel.pf4freebsd/2952/match=issues+ftp+windows+pf
> ======================================================================
>
> I want to use binat rule.
>
> Can anyone help me to solve this issue?
>
> - Mahabub Basha.S

Hi,

First, try to exclude:

rdr on $wan from any to 172.16.1.10 -> 10.0.0.10

because you are using binat, so try to use ftp on passive mode.
If it doesn't work, try to use ftp-proxy
(http://www.openbsd.org/faq/pf/ftp.html).

-- 
Gilberto Villani Brito
System Administrator
Londrina - PR
Brazil
gilbertovb(a)gmail.com
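
Added example, not part of the original thread: a diagnostic for the symptom described above (active mode works, passive mode fails through 1:1 NAT). It assumes, which the thread does not confirm, that the server's 227 reply advertises its internal address; the function names are hypothetical and the sample reply is constructed from the addresses in the post.

```python
import ipaddress
import re

# Constructed sample: the reply a server at 10.0.0.10 would send, and the
# external address (172.16.1.10) the client dialled, both taken from the post.
SAMPLE_REPLY = "227 Entering Passive Mode (10,0,0,10,195,80)"
CONTROL_PEER = "172.16.1.10"

# h1,h2,h3,h4,p1,p2 tuple of an RFC 959 passive-mode reply.
PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))


def parse_pasv(reply):
    """Return (host, port) advertised in a 227 reply; raise ValueError if malformed."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    host = ipaddress.ip_address(".".join(map(str, nums[:4])))
    return host, nums[4] * 256 + nums[5]


def check_pasv(reply, control_peer):
    """Flag a reply whose data address differs from the control-channel peer."""
    host, port = parse_pasv(reply)
    if host == ipaddress.ip_address(control_peer):
        return ("ok", str(host), port)
    # The client will open its data connection to `host`, not to the address
    # it reached the server on; an internal address is unreachable from outside.
    return ("mismatch", str(host), port)


if __name__ == "__main__":
    print(check_pasv(SAMPLE_REPLY, CONTROL_PEER))
```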