Date: Sun, 19 Dec 2004 12:50:07 -0500
From: "dave" <dmehler26@woh.rr.com>
To: <freebsd-pf@freebsd.org>
Subject: pf and ftp client
Message-ID: <001301c4e5f3$2d5e87c0$0400a8c0@satellite>

Hello,

I've got a 5.3 box running pf. I want to use it as an ftp client; it's already going through a nat firewall. My problem is that when I try to download a port via make install and any ftp url is referenced, the site cannot be contacted. I'm not sure which mode this is using, active or passive. This machine has only one nic in it. I have included my relevant ftp pf rules below.

Any help appreciated.
Thanks.

pf.conf:

# options
set loginterface none
set optimization normal
set block-policy drop

scrub in on $ext_if all
scrub out all random-id max-mss 1440

# nat ftp-proxy
rdr on $ext_if proto tcp from any to any port 21 -> $ext_addr port 8021

# activate spoofing protection for the internal interface.
antispoof quick for $ext_if inet

# allow active ftp, passive is handled
# by the ftp-proxy and the nat rdr rule
pass in on $ext_if inet proto tcp from port 20 to ($ext_if) user proxy flags S/SA keep state

# allow out ftp
pass out quick on $ext_if proto tcp from any to any port = 21 flags S/SA modulate state