From: "Michael K. Smith - Adhost"
Date: Mon, 6 Oct 2008 08:00:11 -0700
Subject: Problem with Passive FTP through PF

Hello All:

We are running the following:

- FreeBSD 6.3 Release #1
- PF
- pftpx for our ftp proxy

We have several ftp servers of different flavors behind the PF firewalls and we are getting a lot of the following when users are trying to connect using passive mode.

"Server sent passive reply with unroutable address"

We're running pftpx as a daemon with no specific flags. From a ps:

proxy 4845 0.0 0.0 1452 1100 ?? Is 27Sep08 0:02.13 /usr/local/sbin/pftpx

Here is a sample of the rules we are using to allow traffic and to proxy. The server macros are defined and working correctly. Any help would be greatly appreciated.

nat-anchor "pftpx/*"
rdr-anchor "pftpx/*"
rdr on ! $vlan10_if proto { udp tcp } from any to $f1_cps01_ext0 port { 80 443 2087 2083 ftp 49152:65535 } -> $f1_cps01_int0 sticky-address
rdr on ! $vlan10_if proto { udp tcp } from any to $f1_cps01_ext1 port { 80 443 ftp 49152:65535 } -> $f1_cps01_int1 sticky-address

--
Michael K. Smith - CISSP, GISP
Chief Technical Officer - Adhost Internet LLC
mksmith@adhost.com
w: +1 (206) 404-9500 f: +1 (206) 404-9050
PGP: B49A DDF5 8611 27F3 08B9 84BB E61E 38C0 (Key ID: 0x9A96777D)
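
The client error quoted in the message concerns the address a server returns in its 227 reply to PASV. As an added example (not part of the original message), this Python function parses a 227 reply in the RFC 959 format and reports whether the advertised address is in a non-routable block and whether the port falls inside the 49152:65535 range the rdr rules forward. The sample replies and the name `check_pasv_reply` are constructed for illustration.

```python
import ipaddress
import re

# Address blocks a client on the Internet cannot reach
# (RFC 1918, loopback, link-local, "this network").
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8")]

# Passive port range forwarded by the rdr rules in the message.
PASV_RANGE = range(49152, 65536)

# RFC 959 reply: 227 <text> (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Constructed sample replies, e.g. as copied from a client's debug log.
SAMPLES = [
    "227 Entering Passive Mode (10,0,0,5,192,10)",      # internal address leaked
    "227 Entering Passive Mode (203,0,113,10,195,80)",  # rewritten to external
    "227 Entering Passive Mode (203,0,113,10,4,1)",     # port not forwarded
]


def check_pasv_reply(line):
    """Return (ip, port, problems) for one 227 reply line."""
    m = PASV_RE.match(line.strip())
    if not m:
        raise ValueError("not a 227 passive reply: %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % line)
    ip = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # p1 is the high byte, p2 the low byte
    problems = []
    if any(ip in net for net in UNROUTABLE):
        problems.append("unroutable address")
    if port not in PASV_RANGE:
        problems.append("port outside forwarded range")
    return str(ip), port, problems


if __name__ == "__main__":
    for reply in SAMPLES:
        print(reply, "->", check_pasv_reply(reply))
```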