Date: Fri, 25 Mar 2005 04:49:41 -0500 (EST) From: vsavichev@wesleyan.edu To: freebsd-pf@freebsd.org Subject: transparent proxy ftp mode Message-ID: <55087.81.30.200.207.1111744181.squirrel@81.30.200.207>
next in thread | raw e-mail | index | archive | help
hi,
we have pf and couple of ip aliases on the $ext_if. pf NAT's the connections
out in round-robin fasion, pf let's the clients out through statefull
rules Recently, we switched to the transparent proxy mode in squid-pf conf
pf.conf>
rdr on $int_if inet proto tcp from any to {!192.168.0.0/24} port \
{ 80, 8080, 8101 } -> 127.0.0.1 port 3128
ok, there is small problem then we try to download someth. in browser
from ftp sites, reply is:
passive ftp connection must come from same host active control connection
does it says, i have to use ftp-proxy as well or should I lock somehow
ftp related connects to predefined ip, I'm not sure if i express it
correctly.
thanks, vlad
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55087.81.30.200.207.1111744181.squirrel>