Date: Tue, 28 Mar 2006 20:39:11 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Peter <petermatulis@yahoo.ca> Cc: Renato Botelho <rbgarga@gmail.com>, freebsd-stable@freebsd.org Subject: Re: Problems with pf + ftp-proxy on gateway Message-ID: <442990DF.1040300@infracaninophile.co.uk> In-Reply-To: <20060328190609.28643.qmail@web60013.mail.yahoo.com> References: <20060328190609.28643.qmail@web60013.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Peter wrote: > --- Renato Botelho <rbgarga@gmail.com> wrote: > >> I'm trying to use pf + ftp-proxy n a 6.1-PRERELEASE machine. >> >> I have this line on inetd.conf: >> >> ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy >> >> ftp-proxy -n >> >> And this lines on pf.conf: >> >> rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port >> ftp-proxy >> pass in quick on $ext_if inet proto tcp from any port ftp-data to >> $ext_if:0 user proxy flags S/SA keep state >> >> When one machine inside my network (e.g. 192.168.x.x) connects to an >> external ftp server (e.g. ftp.FreeBSD.org), data connection doesn't >> work. >> >> Connection comes to my firewall and is accepted but connection is not >> established and stay like this here: >> >> self tcp 200.x.x.x:57625 <- 200.x.x.x:20 ESTABLISHED:FIN_WAIT_2 > > You need to decide whether you are working with passive ftp clients > (probably), active, or both. Or use the ftp/pftpx port, which handles proxying all types of active and passive FTP. That's the successor to ftp-proxy(8) due to be released shortly as part of OpenBSD 3.9, and documented at: http://www.openbsd.org/cgi-bin/man.cgi?query=ftp-proxy&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEKZDl8Mjk52CukIwRA0X5AJ9Sa1jjsactdUkFs5G3IOiRvFqJiQCdHdl1 XIXf9AOgfwrUELcuh0pCNLM= =ZUtN -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?442990DF.1040300>