Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 6 Oct 2008 08:00:11 -0700
From:      "Michael K. Smith - Adhost" <mksmith@adhost.com>
To:        <questions@freebsd.org>
Subject:   Problem with Passive FTP through PF
Message-ID:  <17838240D9A5544AAA5FF95F8D52031604BE2EC8@ad-exh01.adhost.lan>
next in thread | raw e-mail | index | archive | help 

--PGP_Universal_2EFBAC7C_B20AA7E3_299F4E3D_AD25E698
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: QUOTED-PRINTABLE

Hello All:

We are running the following:
- FreeBSD 6.3 Release #1
- PF
- pftpx for our ftp proxy

We have several ftp servers of different flavors behind the PF firewalls an=
d we are getting a lot of the following when users are trying to connect us=
ing passive mode.

"Server sent passive reply with unroutable address"

We're running pftpx as a daemon with no specific flags.  From a ps:

proxy         4845  0.0  0.0  1452  1100  ??  Is   27Sep08   0:02.13 /usr/l=
ocal/sbin/pftpx

Here is a sample of the rules we are using to allow traffic and to proxy.  =
The server macros are defined and working correctly.  Any help would be gre=
atly appreciated.

nat-anchor "pftpx/*"
rdr-anchor "pftpx/*"
rdr on ! $vlan10_if proto { udp tcp } from any to $f1_cps01_ext0 port { 80 =
443 2087 2083 ftp 49152:65535 } -> $f1_cps01_int0 sticky-address
rdr on ! $vlan10_if proto { udp tcp } from any to $f1_cps01_ext1 port { 80 =
443  ftp 49152:65535 } -> $f1_cps01_int1 sticky-address


--
Michael K. Smith - CISSP, GISP
Chief Technical Officer - Adhost Internet LLC
mksmith@adhost.com
w: +1 (206) 404-9500 f: +1 (206) 404-9050
PGP: B49A DDF5 8611 27F3  08B9 84BB E61E 38C0 (Key ID: 0x9A96777D)



--PGP_Universal_2EFBAC7C_B20AA7E3_299F4E3D_AD25E698
Content-Type: application/pgp-signature;
	name="PGP.sig"
Content-Transfer-Encoding: 7BIT
Content-Disposition: attachment;
	filename="PGP.sig"

-----BEGIN PGP SIGNATURE-----
Version: 9.9.0 (Build 397)

iQEVAwUBSOon+/TXQhZ+XcVAAQg4aQf/XLBseAu9qT69xLK+b7bxIA0wWpQ6b8Wv
AYel5/duGA2z1KxSzH+BxvRu/l558ft9kWIKmwfn/LOVgCl1dHw3c+1eD6r+F7Hw
BseTXE2K7cvaOLOEvgGl98t/9lfI6k2q8agsqNvnW/CrIYmSna8PwZU3PP7AkPXv
blHDYXO8jAIexlaJIzh4/Wsrn/XHO8J8Qk6OxA06I0XhqK3TFbM9NHTuNLg7nqsS
BO/MpjQlfyS8JWAhzL7qxoL5C50LXbAixrGUOKB5D881n0hwO5aTi9naQEEr6vlN
s8Fh8OJ+8Cs5rrzDKYaqXUKJmR8CzEIvhyW4OAmCemQPBVoyU5oaIQ==
=6v5t
-----END PGP SIGNATURE-----

--PGP_Universal_2EFBAC7C_B20AA7E3_299F4E3D_AD25E698--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?17838240D9A5544AAA5FF95F8D52031604BE2EC8>