Date: Thu, 6 Mar 2008 06:39:33 -0800
From: Jeremy Chadwick <koitsu@freebsd.org>
To: "Andrey A. Belashkov" <virus@virus.org.ua>
Cc: mlaier@freebsd.org, pf@benzedrine.cx, freebsd-pf@freebsd.org
Subject: Re: pf + ftp troubles.
Message-ID: <20080306143933.GA90628@eos.sc1.parodius.com>
In-Reply-To: <20080306135739.GD79846@web3.hostdad.com>
References: <20080306135739.GD79846@web3.hostdad.com>

On Thu, Mar 06, 2008 at 03:57:39PM +0200, Andrey A. Belashkov wrote:
> Hello.
> I need to set up non-standard nat rules by pf for ftp.
> All outgoing ftp connections must nat behind 172.16.5.10 address
> assigned by mpd to ng0.
>
> I set up mpd, interface is up and if I use as source address 172.16.5.10
> for ftp all is fine. But ftp function in php can't choose source address,
> so I need to use nat.
>
> When I set up pf with rules:
> set optimization normal
> set block-policy return
> scrub in all
> nat on em0 from any to any port { 20 21 } -> 172.16.5.10
> nat-anchor "ftp-proxy/*"
> rdr-anchor "ftp-proxy/*"
> rdr on ng0 proto tcp from any to any port 21 -> 127.0.0.1 port 8021
> anchor "ftp-proxy/*"
> pass out quick on em0 route-to { (ng0 172.16.5.1) } from 172.16.5.10 to any keep state
> pass in all
> pass out all
>
> and start ftp-proxy with keys "-a 172.16.5.10 -r -vv -m 500" and try to
> connect to any ftp server - server responds and shows me its login prompt.
> But when I try to list files on ftp, client can't set up data connection.
> In passive and in active modes.
>
> How can I fix this problem?
Your pf rules for FTP are wrong. Please see this thread:
http://lists.freebsd.org/pipermail/freebsd-pf/2008-March/004148.html
--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
