Message-ID: <4860AEEA.8090905@gmail.com>
Date: Tue, 24 Jun 2008 10:23:06 +0200
From: albinootje
To: "Jason C. Wells"
Cc: freebsd-pf@freebsd.org
Subject: Re: PF with ftp-proxy
In-Reply-To: <4860836B.4030402@highperformance.net>

Jason C. Wells wrote:

> But even more mysteriously, as I typed this message I fired up tcpdump
> to try and figure things out. I then attempted to connect to
> ftp.freebsd.org and succeeded. I have changed no firewall rules during
> the time that I have been writing this message. Then I did a refresh in
> firefox and the ftp session failed. Double WTF? How on earth can the
> firewall work one second and then not work the next?

I'm using the following lines in pf.conf:

rdr on $intif proto tcp from $intif:network to any port ftp -> 127.0.0.1 port 8021

pass in on $extif inet proto tcp from port ftp-data to $extif user proxy flags S/SA keep state

and this does not work in firefox (2.x), but it works fine with ncftp and gftp.