From: NetOpsCenter
Date: Sun, 27 Jan 2008 11:31:21 -1000
To: Matthias Kellermann
Cc: freebsd-questions@freebsd.org
Reply-To: noc@hdk5.net
Subject: Re: Outgoing FTP connections with pf and ftp-proxy
Message-ID: <479CF829.1010705@hdk5.net>
In-Reply-To: <479CD201.7050000@adminlife.net>

Matthias Kellermann wrote:
> Hi list,
>
> I'm trying to get outgoing FTP sessions to work with pf and
> ftp/ftp-proxy in a NAT environment.
>
> My simple config on a test machine looks like this:
> ------------------------------------------------------------------
> int_if = "rl0"
> localnet = "192.168.0.0/24"
> tcp_services = "{ ssh, domain, www, https, ftp }"
> udp_services = "{ domain }"
>
> nat on $int_if from $localnet to any -> ($int_if)
>
> rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
>
> block all
>
> pass from $localnet to any keep state
> pass proto udp to any port $udp_services keep state
>
> pass out proto tcp to any port $tcp_services keep state
>
> pass in proto tcp from any to any user proxy keep state
> pass in proto tcp from any to any port ssh keep state
> ------------------------------------------------------------------
>
> FTP login works fine. But if I want to do a "ls" on the FTP server I get
> the following error on the client (no matter if NAT client or gateway):
>
> 425 Failed to establish connection.
>
> Any idea what's wrong with my setup?
>
> Thanks,
> Matthias

Aloha Matthias,

I am having the same FTP problem on servers that are on an ATM 5 IP circuit. There is no NAT involved with one of these. The outbound FTP goes out, but I can't get the files to list when I go inbound from outside on a recognized IP. SSH on the same box works fine.

It would make my day to get this working.

~Al Plant - Honolulu, Hawaii - Phone: 808-284-2740
+ http://hawaiidakine.com + http://freebsdinfo.org + noc@hdk5.net +
+ http://aloha50.net - Supporting - FreeBSD 6.* - 7.* +
"All that's really worth doing is what we do for others." - Lewis Carrol