Date: Thu, 23 Dec 2004 07:05:26 +0100
From: Jeremie Le Hen
To: Didier Wiroth
Cc: freebsd-pf@freebsd.org
Subject: Re: pfS ftp-proxy binding to 127.0.0.1
Message-ID: <20041223060526.GH675@obiwan.tataz.chchile.org>
In-Reply-To: <8e3f9722ef1.41c8e20b@etat.lu>

On Wed, Dec 22, 2004 at 02:55:07AM +0100, Didier Wiroth wrote:
> Hi,
> I'm still trying openbsd and freebsd.
>
> I'm setting a pppoe router, using pf and ftp-proxy.
> On openbsd you can bind ftp-proxy to the localhost address, openbsd's
> ftp-proxy only listens to 127.0.0.1 like this:
> 127.0.0.1:8021
>
> On freebsd it listens on all ip addresses, here is the result of sockstat:
> root inetd 750 4 tcp4 *:8021 *:*
>
> I do understand that I can explicitly add a pf rule to deny or allow
> access to the proxy but to enforce security is it possible to bind
> ftp-proxy so that it only listens to the localhost?

This may be a bit off-topic, but you may want to have a look at a new
FTP proxy for pf(4): pftpx
http://marc.theaimsgroup.com/?l=openbsd-misc&m=110129991118018&w=2

Regards,
-- 
Jeremie Le Hen
jeremie@le-hen.org