Date: Tue, 9 May 2006 10:37:31 -0300
From: Gilberto Villani Brito <linux@giboia.org>
To: freebsd-pf@freebsd.org
Subject: Re: Problem with ftp-proxy
Message-ID: <20060509103731.4876913c@giboia>
In-Reply-To: <20060508201512.62715.qmail@web52912.mail.yahoo.com>
References: <20060508201512.62715.qmail@web52912.mail.yahoo.com>
Why don't you use only this in your pf.conf??

# rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
# pass in on $ext_if inet proto tcp from port 20 to ($ext_if) user proxy flags S/SA keep state

I believe your problem is for your users using public ftp. Is it correct??

PS: This FAQ is in Portuguese:
http://www.openbsd.org/faq/pf/pt/ftp.html#client

Gilberto

On Mon, 8 May 2006 13:15:12 -0700 (PDT)
Matheus Lamberti <matheuslamberti@yahoo.com> wrote:

> Hello list,
>
> Well, I have implemented a firewall with the default
> policy "block all", I made very restrictive rules
> allowing only some connecting ports from the machines
> of my LAN.
> My problem is, the ftp-proxy is working...
> * inetd call then with my flags
> * the ftp transaction starts
> * but I can receive back the answer from the remote
> server
>
> Below is a part of my pf.conf file ...
>
> -- start --
> # ftp-proxy
> nat-anchor "ftp-proxy/*"
> rdr-anchor "ftp-proxy/*"
> rdr pass on $if_intr proto tcp to port ftp -> 127.0.0.1 port 8021
>
> # rules
> anchor "ftp-proxy/*"
> pass out on $if_adsl proto udp from $if_adsl to any port $udp_sai keep state
> pass out on $if_adsl proto tcp from $if_adsl to any port $tcp_sai flags $flagtcp modulate state
> pass out on $if_adsl proto tcp from $if_adsl to any port $tcp_ent flags $flagtcp modulate state
> pass in on $if_adsl from any to $srv_vip modulate state
> pass in on $if_adsl from any to $if_adsl keep state
> pass out on $if_intr from any to $intrant modulate state
> pass in on $if_intr proto udp from $intrant to any port $udp_sai keep state
> pass in on $if_intr proto tcp from $intrant to any port $tcp_sai flags $flagtcp keep state
> pass in on $if_intr proto tcp from $intrant to any port $tcp_ent flags $flagtcp keep state
> pass in on $if_intr proto { tcp, udp } from $intrant to $srv_bsd port $dhcp_pt keep state
> pass in on $if_intr proto { tcp, udp } from $ip_voip to any keep state
> -- end --
>
>
> Matheus Lamberti de Abreu
> BSD UserID: 051370 / ICQ UIN: 58854189
>
> " Given the vastness of time...
> And the immensity of the universe,
> It is an immense pleasure for me
> To share a planet and an epoch with you! " ( Carl Sagan )