From owner-freebsd-questions@FreeBSD.ORG Mon Aug 14 19:27:27 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CF80716A4DE for ; Mon, 14 Aug 2006 19:27:27 +0000 (UTC) (envelope-from levchenko.i@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.169]) by mx1.FreeBSD.org (Postfix) with ESMTP id 27D8943D4C for ; Mon, 14 Aug 2006 19:27:26 +0000 (GMT) (envelope-from levchenko.i@gmail.com) Received: by ug-out-1314.google.com with SMTP id m2so168371uge for ; Mon, 14 Aug 2006 12:27:26 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Mvx4FU6Lpuh5mdTybjKvrt5WMc1LD4UrZlL3JtRHUux5I3ORn5dxKAkq8/DI8nkUGsTadVrv/0eq0F4Dje7IvLhkvfOlSrVBIcWwWsiPjrMIdCpP7nDSrVJ631Ge086n2aSfowvRKP6tNta5RZC0Ng+wiVlNtT+G8LppxSyUvuE= Received: by 10.67.89.5 with SMTP id r5mr8633212ugl; Mon, 14 Aug 2006 12:27:26 -0700 (PDT) Received: by 10.66.239.8 with HTTP; Mon, 14 Aug 2006 12:27:25 -0700 (PDT) Message-ID: Date: Mon, 14 Aug 2006 22:27:25 +0300 From: "Ivan Levchenko" To: "Gilberto Villani Brito" , freebsd-questions@freebsd.org In-Reply-To: <6e6841490608141219u5ef60960n8731717da00b5785@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <6e6841490608141219u5ef60960n8731717da00b5785@mail.gmail.com> Cc: Subject: Re: ftp-proxy with pf X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Aug 2006 19:27:27 -0000 Hello Gilberto, No, that wouldn't work, there is no sense in adding a nat rule to the internal interface. I just found out why it didn't work. All this time, I was using active ftp on my ubuntu box. when i switched to passive, it all worked like a charm. found it on some forum archive .. forgot the link. on linux the env setting for passive ftp doesn't work.. .i never knew that.. you have you add -p to the ftp command or start it using pftp.. On 8/14/06, Gilberto Villani Brito wrote: > Try using this rule: > nat on $int_if from any to any port 21 -> 127.0.0.1 port 8021 > > > Gilberto > > > 2006/8/13, Ivan Levchenko < levchenko.i@gmail.com>: > > > Hi everybody, > > having some troubles with ftp-proxy on my gateway at home: the darn > thing gets me connected to an outside ftp server, but won't let me do > anything else with it. > > the gateway computer is freebsd (it is running pf with nat to share > and secure a pppoe connection); the client computer is running kubuntu > 6.06. > > here is what i get when trying to connect to a ftp server behind the nat: > > $ ftp ftp.freebsd.org > Connected to ftp.freebsd.org . > 220 ftp.FreeBSD.org NcFTPd Server (licensed copy) ready. > Name (ftp.freebsd.org:ivan): ftp > 331 Guest login ok, send your complete e-mail address as password. > Password: > 230-You are user #112 of 1000 simultaneous users allowed. > 230- > 230 Logged in anonymously. > Remote system type is UNIX. > Using binary mode to transfer files. > ftp> ls > 550 Data connection must go to same host as control connection. > ftp: bind: Address already in use > ftp> > > or i get this error when connecting to a different ftp server (vsftpd): > 500 Illegal PORT command. > ftp: bind: Address already in use. > > i read the ftp-proxy and pf.conf man pages and have google-ed more > than my brain can comprehend but still no answer for this. > > i attached the conf files for pf.conf and inetd.conf > > any help (the right keyword to google with will be nice too!!!) will be > great! > > -- > Best Regards, > > Ivan Levchenko > levchenko.i@gmail.com > > > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to " > freebsd-pf-unsubscribe@freebsd.org" > > > > > -- Best Regards, Ivan Levchenko levchenko.i@gmail.com