Date: Thu, 7 Jul 2005 20:16:20 +0200
From: Michael Weiser <michael@weiser.dinsnail.net>
To: freebsd-pf@freebsd.org
Subject: pftpx rules not showing in pfctl
Message-ID: <20050707181620.GA57981@weiser.dinsnail.net>

Hello,

this may sound ridiculous but I've actually managed to set up pftpx and now can't seem to figure out why it works. :)

I've compiled pftpx on my FreeBSD-CURRENT box with some minor tweaking because of missing stnvis. I added the required rules to my pf.conf:

nat-anchor "pftpx/*"
rdr-anchor "pftpx/*"
rdr on $intif inet proto tcp from any to any port 21 -> 127.0.0.1 port 8021

and

anchor "pftpx/*" on $dslif
pass out quick on $dslif inet proto tcp from $dslif port $unpriv to any port = ftp modulate state (no-sync) flags S/SA label $dslif-out-ftp

$dslif is xl0 for me. It's present on the anchor because I also have a $pppif tun0 which is used occasionally and rules for it are defined further down the filter list.

Anyway. I fired up pftpx -d -D 7 and lo, everything works nicely. Then I went and said 'pfctl -a pftpx -s r' whilst running an ftp download. No matter what I do, it says the rule list is empty. When running it with '-s a' I see that there are entries for the ftp connections in the state table, but still no rules.

Is it supposed to behave that way or should I be seeing some rule entries?

Thanks in advance,
--
bye, Michael