Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 27 Jan 2008 19:48:33 +0100
From:      Matthias Kellermann <matthias@adminlife.net>
To:        freebsd-questions@freebsd.org
Subject:   Outgoing FTP connections with pf and ftp-proxy
Message-ID:  <479CD201.7050000@adminlife.net>
next in thread | raw e-mail | index | archive | help 
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigC3125B7206AC47220C71C0D3
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hi list,

I'm trying to get outgoing FTP sessions to work with pf and
ftp/ftp-proxy in a NAT environment.

My simple config on a test machine looks like this:
------------------------------------------------------------------
int_if =3D "rl0"
localnet =3D "192.168.0.0/24"
tcp_services =3D "{ ssh, domain, www, https, ftp }"
udp_services =3D "{ domain }"

nat on $int_if from $localnet to any -> ($int_if)

rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021

block all

pass from $localnet to any keep state
pass proto udp to any port $udp_services keep state

pass out proto tcp to any port $tcp_services keep state

pass in proto tcp from any to any user proxy keep state
pass in proto tcp from any to any port ssh keep state
------------------------------------------------------------------

FTP login works fine. But if I want to do a "ls" on the FTP server I get
the following error on the client (no matter if NAT client or gateway):

425 Failed to establish connection.

Any idea whats wrong with my setup?

Thanks,
Matthias



--------------enigC3125B7206AC47220C71C0D3
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHnNIFGSi/LIXxufURAswBAJ99Hec35toOfxpkGnh/oKauG4tHPACfRFMq
7YCiD41lQy+ZYLmtwOWlZbo=
=kTRN
-----END PGP SIGNATURE-----

--------------enigC3125B7206AC47220C71C0D3--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?479CD201.7050000>