From owner-freebsd-pf@FreeBSD.ORG Tue Feb 22 07:03:58 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DEC6516A4CE for ; Tue, 22 Feb 2005 07:03:58 +0000 (GMT) Received: from helium.webpack.hosteurope.de (helium.webpack.hosteurope.de [217.115.142.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3F89843D45 for ; Tue, 22 Feb 2005 07:03:58 +0000 (GMT) (envelope-from me@hexren.net) Received: by helium.webpack.hosteurope.de running Exim 4.34 using asmtp helo=hexren.steenbuck.net) id 1D3U5M-0002lo-DM; Tue, 22 Feb 2005 08:03:56 +0100 Date: Tue, 22 Feb 2005 08:03:55 +0100 From: Hexren X-Mailer: The Bat! (v1.62i) Business X-Priority: 3 (Normal) Message-ID: <1761371051.20050222080355@hexren.net> To: "Giovanni P. Tirloni" In-Reply-To: <421AA724.4030807@tirloni.org> References: <421A3053.4050904@tirloni.org> <421AA011.3020208@tirloni.org> <421AA724.4030807@tirloni.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: pf@freebsd.org Subject: Re[2]: rdr for ftp-proxy doesn't work X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Hexren List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Feb 2005 07:03:59 -0000 GPT> Giovanni P. Tirloni wrote: >> Nick Buraglio wrote: >> >>> Try adding: >>> >>> pass in from any to any >>> pass out from any to any >>> >>> to the rules section. I believe you have to tell it to actually >>> handle the traffic. >> >> >> I tried that but it didn't help. Then I tried changing 127.0.0.1 by >> another external IP that I knew it had a ftp server running: all packets >> were redirected and I could login. >> >> There seems to be something locking the redirection to 127.0.0.1 and/or >> the internal interface address. GPT> My temporary fix was to use ipfw and ports/ftp/frox but I'd like to GPT> help to investigate this situation. I've tried to enable transparent ftp GPT> proxy with pf and ftp-proxy on another 5.3-STABLE and it didn't work GPT> also. No packet gets redirect to loopback but it redirects for anything GPT> outside. GPT> -- GPT> Giovanni P. Tirloni GPT> _______________________________________________ GPT> freebsd-pf@freebsd.org mailing list GPT> http://lists.freebsd.org/mailman/listinfo/freebsd-pf GPT> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" --------------------------------------------- I would guess that it would be wiser to use not the loopback address but a "normal" address of the proxy you want to use in the redirection. Only a guess. Hexren