From: "Roman Gorohov."
Date: Fri, 8 Dec 2006 16:53:02 +0300
To: Gergely CZUCZY
Cc: freebsd-pf@FreeBSD.org
Subject: FTP problem
Message-ID: <1904646577.20061208165302@gmail.com>
In-Reply-To: <20061207133535.GA16219@harmless.hu>

Hello, Gergely.

> try to use pftpx instead of ftp-proxy, it's available from ports.
> Bye,
> Gergely Czuczy

I tried switching to pftpx and got the same result. Last messages:

Dec 7 17:02:05 fw-spb pftpx[7306]: client limit (100) reached, refusing connection from 10.10.1.70
Dec 7 17:02:47 fw-spb pftpx[7306]: client limit (100) reached, refusing connection from 10.10.1.70
Dec 7 17:02:55 fw-spb pftpx[7306]: #296 proxy cannot connect to server 10.10.1.70: Operation not permitted
Dec 7 17:03:03 fw-spb pftpx[7306]: client limit (100) reached, refusing connection from 10.10.1.70
Dec 7 17:03:15 fw-spb last message repeated 2 times

Then it hung. Address 10.10.1.70 is the server itself, so I don't understand what's going on...
I started to think that there is some loop in the pf rules; this would nicely explain why there aren't any messages at the console. But I can't see any. This is everything referencing ftp in my pf.conf:

rdr pass on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
pass out on $ext_if inet proto tcp from $ext_if to any port 21 flags S/AUPRFS modulate state
pass in on $ext_if proto tcp from any to any port 21 keep state

Any suggestions?

Regards,
Roman.