Date: Fri, 24 Mar 2006 09:43:07 -0600
From: "manjoine" <chris@disentropy.com>
To: <freebsd-pf@freebsd.org>
Subject: Pftpx for incoming ftp connections FTP Server INSIDE the firewall
Message-ID: <005201c64f59$a628c050$b0f2ff80@iowa.uiowa.edu>
In-Reply-To: <mailman.0.1143209580.80842.freebsd-pf@freebsd.org>

I am trying to use pftpx to solve the "strict" ftp clients (clients that want data connections to the same IP as the control connection) issue on an FTP server INSIDE the firewall.

I found out that I can't use port redirects on all my external IPs, since the FTP clients have IP strictness.

It is the classic passive FTP problem. I have a firewall in front of an FTP server. I have multiple IPs bound to the firewall that need to go to the same FTP server (thus the IP issue with strictness).

So I want a pf.conf that will allow all incoming PASSIVE and ACTIVE FTP connections to any of the IPs to go to the one FTP server.

I assume that I can use pftpx to proxy all incoming connections?

I found only this reference to a possible solution, but I can't seem to get it to work in my pf.conf:

http://wiki.pfsense.com/wikka.php?wakka=IncomingFTPHowTo

Can anyone give me an example of how that would be done?

Below is a trimmed-down version of my pf.conf with the rules for outbound pftpx, which is working great, but I need inbound.

int_if=fpx0
ext_if=fxp1
int_net="192.168.0.0/24"
ext_net="{232.333.333.2,232.333.333.3,232.333.333.4}"

#FTP out from int_net
nat-anchor "pftpx/*"
rdr-anchor "pftpx/*"
rdr pass on $int_if proto tcp from $int_net to any port 21 -> 127.0.0.1 port 8021

#In the rule section:
anchor "pftpx/*"
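The "strictness" described in the message, sketched as an added example (not part of the original e-mail and not pftpx code): a strict client parses the server's 227 passive-mode reply and refuses a data address that differs from the address of its control connection. The function names, the sample replies and the documentation-range addresses are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 passive reply carries the data endpoint as (h1,h2,h3,h4,p1,p2).
_PASV_RE = re.compile(
    r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 passive-mode reply")
    m = _PASV_RE.search(reply)
    if m is None:
        raise ValueError("no host/port tuple in reply")
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]


def strict_client_accepts(control_ip, reply):
    """Hypothetical strict-client check: data address must equal control address."""
    host, _port = parse_pasv(reply)
    return host == ipaddress.IPv4Address(control_ip)


# Constructed sample: the client dialed the firewall's second external address.
CONTROL_IP = "198.51.100.3"
SAMPLES = {
    "plain rdr, server advertises its inside address":
        "227 Entering Passive Mode (192,168,0,10,195,80)",
    "server pinned to one fixed external address":
        "227 Entering Passive Mode (198,51,100,2,195,80)",
    "reply rewritten to the address the client dialed":
        "227 Entering Passive Mode (198,51,100,3,195,80)",
}

if __name__ == "__main__":
    for label, reply in SAMPLES.items():
        host, port = parse_pasv(reply)
        ok = strict_client_accepts(CONTROL_IP, reply)
        print(f"{label}: {host}:{port} -> {'accepted' if ok else 'rejected'}")
```

Only the third reply passes, which is why a port redirect on several external addresses is not enough: the 227 reply has to be rewritten per connection.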