Date: Tue, 10 Apr 2007 21:08:08 -0400
From: "Dave" <dmehler26@woh.rr.com>
To: <freebsd-pf@freebsd.org>
Subject: issues with ftp from windows
Message-ID: <000301c77bd5$ded6ad50$0200a8c0@satellite>

Hello,

I'm having issues with getting ftp to work on Windows boxes, specifically xpsp2, protected by a pf firewall. I'm running pftpx on FreeBSD 6.2. Unix clients can ftp fine; I do have occasional issues with not being able to list directory contents, but overall it works fine. With Windows clients I get a "can not find file" message every time. I've tried both active and passive mode in Explorer, IE6 to be specific, no good. Here's the relevant portions of my config:

# define the two network interfaces
ext_if = "rl0"
int_if = "xl0"

# gateway ftp, user restricted passive or active
# I had to do this so that the firewall box could ftp
ftp_users="{root, proxy}"

scrub all reassemble tcp no-df random-id max-mss 1400

nat on $ext_if from 192.168.1.0/24 to any -> ($ext_if)
nat-anchor "pftpx/*"
rdr-anchor "pftpx/*"
rdr pass on $int_if inet proto tcp from 192.168.1.0/24 to any port ftp -> 127.0.0.1 port 8021

block log all
anchor "pftpx/*"
pass out quick on $ext_if inet proto tcp from ($ext_if) to any port { ftp-data, ftp } keep state
pass in quick on $int_if inet proto tcp from 192.168.1.0/24 to any port { ftp-data, ftp } keep state

# These were also needed to allow ftp from the router
# Allow ftp control and passive data connections outbound
pass quick inet proto tcp from ($ext_if) to any user proxy keep state
# Allow ftp active data connections inbound
pass quick inet proto tcp from any to ($ext_if) user proxy keep state
# Passive mode connection?
pass quick inet proto tcp from port 20 to any user proxy keep state
# For FTP servers that violate RFC 959?
pass quick inet proto tcp from any to $int_if user proxy keep state

I've tried doing a tcpdump on the pflog0 interface while a Windows box is trying to ftp; I'm not getting any output at all. Trying the same command on the internal interface of the router floods me with arp, and again I see nothing useful.

Any help appreciated.
Thanks.
Dave.