Date: Mon, 6 Sep 2004 15:28:13 +0200 From: Divacky Roman <xdivac02@stud.fit.vutbr.cz> To: current@freebsd.org Cc: mlaier@freebsd.org Subject: ftp-proxy@pf not working on recent current and/or RELENG_5 Message-ID: <20040906132813.GA53245@stud.fit.vutbr.cz>
next in thread | raw e-mail | index | archive | help
Hi,
with this pf.conf and PROPERLY set up inetd I am not able to use ftp-proxy...
it simply doesnt work and I am pretty sure it worked before. I see this on
RELENG_5 and on -CURRENT too... If I am doing anything wrong pls tell me
pf.conf:
ext_if="vr0"
int_if="xl0"
#normalize packets
scrub in all
altq on $ext_if bandwidth 256Kb cbq queue {ssh_i web other}
queue ssh_i bandwidth 25% cbq(borrow ecn)
queue web bandwidth 25% cbq(borrow ecn)
queue other bandwidth 50% cbq(borrow default ecn)
#ftp redirection
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
#nat
nat on $ext_if from $int_if:network to any -> ($ext_if)
#rules
#default to block all
block in on $ext_if all
#pass all out while keeping state. and queue it
pass out on $ext_if from any to any keep state queue other
#queuing
pass on $ext_if proto tcp from any to any port ssh keep state queue(ssh_i, other)
pass out on $ext_if proto tcp from any to any port http keep state queue web
#ftp proxy
pass in on $ext_if inet proto tcp from any to $ext_if user proxy keep state queue other
#allow icmp
pass in on $ext_if inet proto icmp from any to any
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040906132813.GA53245>