From: Matthias Kellermann
Date: Sun, 27 Jan 2008 19:48:33 +0100
To: freebsd-questions@freebsd.org
Subject: Outgoing FTP connections with pf and ftp-proxy

Hi list,

I'm trying to get outgoing FTP sessions to work with pf and ftp/ftp-proxy in a NAT environment.
My simple config on a test machine looks like this:

------------------------------------------------------------------
int_if = "rl0"
localnet = "192.168.0.0/24"
tcp_services = "{ ssh, domain, www, https, ftp }"
udp_services = "{ domain }"

nat on $int_if from $localnet to any -> ($int_if)
rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021

block all
pass from $localnet to any keep state
pass proto udp to any port $udp_services keep state
pass out proto tcp to any port $tcp_services keep state
pass in proto tcp from any to any user proxy keep state
pass in proto tcp from any to any port ssh keep state
------------------------------------------------------------------

FTP login works fine. But if I want to do an "ls" on the FTP server, I get the following error on the client (no matter if NAT client or gateway):

425 Failed to establish connection.

Any idea what's wrong with my setup?

Thanks,
Matthias