From: wishmaster
To: David Mehler
Cc: freebsd-pf
Date: Tue, 20 Oct 2015 08:56:40 +0300
Subject: Re: Working pf ftp configurations

--- Original message ---
From: "David Mehler"
Date: 20 October 2015, 03:47:52

> Hello,
>
> If anyone is using freebsd 10 I suppose, pf, and using a system as an
> ftp client or using the system to protect jails or other systems on a
> network, providing them ftp access to the net, via ftp-proxy can you
> share your configurations? What I've got is not working, initially I
> had a single system that wouldn't allow an ls on a remote ftp server, I
> then added in some jails for other reasons, tried them, and they do
> the same, can connect can log in, can not do ls or anything else. The
> original system/gateway/jail holding box, does run ftp-proxy it is
> showing up on 127.0.0.1 port 8021.

My system maintains a lot of jails with VIMAGE. FTP server inside jail. Rules in the base system like below:

pass in quick on $ext_if from any to $jail port 39000:40000 keep state

vsftpd inside jail has directives:

pasv_min_port=39000
pasv_max_port=40000

This above for the passive ftp.
I do not like ftp-proxy ;-)

---
Vitaliy
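
A consistency check for the setup described in the reply above, added here as an example and not part of the original message: it verifies that every port in the range vsftpd hands out (pasv_min_port/pasv_max_port) is admitted by a pf "pass in" rule. The sample configs, the interface name, the jail address and all function names are constructed for illustration.

```python
import re

# Constructed sample configs (not from the message); the jail address is a documentation IP.
VSFTPD_CONF = """\
pasv_enable=YES
pasv_min_port=39000
pasv_max_port=40000
"""
PF_CONF = """\
ext_if = "em0"
jail = "192.0.2.10"
pass in quick on $ext_if proto tcp from any to $jail port 21 keep state
pass in quick on $ext_if proto tcp from any to $jail port 39000:40000 keep state
"""

# Assumption: only "port N" and "port A:B" are handled; pf lists and ><, <> are out of scope.
PORT_RE = re.compile(r"\bto\s+\S+\s+port\s+(\d+)(?::(\d+))?(?=\s|$)")

def vsftpd_pasv_range(text):
    """Return (min, max) passive ports, or None unless both directives are set non-zero."""
    opts = dict(re.findall(r"^(pasv_m(?:in|ax)_port)=(\d+)\s*$", text, re.M))
    lo, hi = int(opts.get("pasv_min_port", 0)), int(opts.get("pasv_max_port", 0))
    return (lo, hi) if lo and hi else None

def pf_inbound_ranges(text):
    """Collect (lo, hi) destination port ranges from 'pass in' rules."""
    ranges = []
    for line in text.splitlines():
        rule = line.split("#", 1)[0].strip()
        m = PORT_RE.search(rule) if rule.startswith("pass in") else None
        if m:
            ranges.append((int(m.group(1)), int(m.group(2) or m.group(1))))
    return ranges

def uncovered(pasv, allowed):
    """Return the sub-ranges of pasv that no allowed range admits."""
    gaps, cur = [], pasv[0]
    for lo, hi in sorted(allowed):
        if hi < cur or lo > pasv[1]:
            continue  # range lies entirely outside what is still unchecked
        if lo > cur:
            gaps.append((cur, lo - 1))
        cur = hi + 1
    if cur <= pasv[1]:
        gaps.append((cur, pasv[1]))
    return gaps

if __name__ == "__main__":
    print(uncovered(vsftpd_pasv_range(VSFTPD_CONF), pf_inbound_ranges(PF_CONF)))
```

A non-empty result lists passive ports the server may advertise but the filter will drop, which shows up on the client as a login that succeeds followed by a hanging ls.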