Date: Thu, 18 Aug 2005 15:08:40 +0200
From: "Shane James" <shane@phpboy.co.za>
To: <freebsd-pf@freebsd.org>
Subject: FTP-Proxy not working
Message-ID: <004e01c5a3f6$0141d0e0$6510a8c0@phpboy>
Hey all,

# uname -a
FreeBSD uplink-rtr-pta.virtek.co.za 5.4-STABLE FreeBSD 5.4-STABLE #1: Thu Aug 18 13:25:31 SAST 2005 root@uplink-rtr-pta.virtek.co.za:/usr/obj/usr/src/sys/UPLINK i386

I have pf enabled and it's working beautifully... only problem is... FTP refuses to work from behind NAT. I've enabled ftp-proxy properly in inetd. Whenever I connect to an FTP host, I authenticate, and when I try 'ls' or 'dir' it does nothing and eventually times out.

#pf.conf

# Macros
ext_if="rl1"                 # ADSL Interface
virtek_if="rl0"              # Virtek/Sdata/Maverix Interface
customers_if="rl2"           # Customers Interface
int_net="192.168.0.0/16"     # Internal Networks
virtek_net="192.168.16.0/24" # Virtek Network

table <customer_net> { 192.168.0.0/16, !192.168.16.0/24 }

# Options
set timeout { interval 10, frag 30 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }
set timeout { adaptive.start 0, adaptive.end 0 }
set limit { states 10000, frags 5000 }
set loginterface $ext_if
set optimization normal
set block-policy drop
set require-order yes
set fingerprints "/etc/pf.os"

# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
scrub in all

# Queueing: rule-based bandwidth control.
#altq on $ext_if bandwidth 2Mb cbq queue { dflt, developers, marketing }
#queue dflt bandwidth 5% cbq(default)
#queue developers bandwidth 80%
#queue marketing bandwidth 15%

# NAT Rule for all internal networks
nat on $ext_if from { 192.168.0.0/16, !192.168.16.3 } to any -> 196.26.21.106

# BINAT Rule for SDATA Windows Server
binat on $ext_if from 192.168.16.3 to any -> 196.26.21.107

# Redirect all SMTP Traffic Through Local SMTP Server
rdr on {rl0, rl2} proto tcp from any to any port 25 -> 127.0.0.1 port 25

# Redirect all ftp traffic through local ftp-proxy service
rdr on rl0 proto tcp from 192.168.16.0/24 to any port 21 -> 127.0.0.1 port 8021

# HTTP Transparent Proxy Redirect (Squid)
# Virtek/SDATA/Maverix HTTP Redirect
#rdr on $virtek_if proto tcp from $virtek_net to any port 80 -> 127.0.0.1 port 8080
#Customers HTTP Redirect
rdr on $customers_if proto tcp from <customer_net> to any port 80 -> 127.0.0.1 port 8080

# Filtering: the implicit first two rules are
pass in all
pass out all
pass quick on lo0 all

# --- FTP command channel
#pass out log-all quick on $ext_if inet proto tcp from $virtek_if:network to any port ftp flags S/SA keep state

# --- FTP data channel (passive)
#pass out log-all quick on $ext_if inet proto tcp from any to any user proxy flags S/SA keep state
#pass in on $ext_if inet proto tcp from port 20 to ($ext_if) user proxy flags S/SA keep state
#pass out on $virtek_if proto tcp from any port 55000:57000 to any keep state
#pass in on $virtek_if proto tcp from any to any port 55000:57000 keep state
#pass out on $ext_if proto tcp from any port 55000:65000 to any keep state
#pass in on $ext_if proto tcp from any to any port 55000:57000 keep state
#pass out on $ext_if proto tcp from any port 20 to any keep state
pass in on $ext_if inet proto tcp from port 20 to ($ext_if) keep state

PLEASE HELP! :<

Kind Regards,
Shane James
shane@phpboy.co.za
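Added example, not part of Shane's post: a small Python simulation of how pf treats the `{ 192.168.0.0/16, !192.168.16.3 }` list in the nat rule above versus how a table with a negated entry (the form the post's own `<customer_net>` table already uses) is looked up. The rule text and addresses come from the post with `$ext_if` expanded to rl1; the two matching helpers are my own approximation of pf's semantics (a brace list expands to one rule per element, a table lookup is longest-prefix with `!` entries excluding), not pf code.

```python
import ipaddress
import re

# Constructed from the post's nat rule; the $ext_if macro is expanded to rl1 for the demo.
NAT_RULE = "nat on rl1 from { 192.168.0.0/16, !192.168.16.3 } to any -> 196.26.21.106"
# The same intent written as table entries, in the style of the post's <customer_net> table.
NAT_TABLE = ["192.168.0.0/16", "!192.168.16.3"]


def expand_list(rule):
    """pf expands a { a, b, ... } list into one rule per element; a '!' element
    simply becomes its own negated rule, it does not carve a hole out of the others."""
    m = re.search(r"\{([^}]*)\}", rule)
    if not m:
        return [rule]
    elems = [e.strip() for e in m.group(1).split(",") if e.strip()]
    return [rule[:m.start()] + e + rule[m.end():] for e in elems]


def src_matches(rule, src):
    """Evaluate the 'from <addr>' part of one expanded rule against a source IP."""
    m = re.search(r"from\s+(!?)(\S+)", rule)
    negated = m.group(1) == "!"
    net = ipaddress.ip_network(m.group(2), strict=False)
    hit = ipaddress.ip_address(src) in net
    return not hit if negated else hit


def list_nat_matches(src):
    """Would any rule expanded from NAT_RULE translate traffic from src?"""
    return any(src_matches(r, src) for r in expand_list(NAT_RULE))


def table_matches(entries, src):
    """Approximation of a pf table lookup: the longest matching prefix decides,
    and a '!' entry excludes the addresses it covers (so 192.168.16.3 is left out)."""
    addr = ipaddress.ip_address(src)
    best = None
    for entry in entries:
        negated = entry.startswith("!")
        net = ipaddress.ip_network(entry.lstrip("!"), strict=False)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, negated)
    return best is not None and not best[1]


if __name__ == "__main__":
    for r in expand_list(NAT_RULE):
        print(r)
    for host in ("192.168.1.5", "192.168.16.3", "10.0.0.1"):
        print(host, "list:", list_nat_matches(host), "table:", table_matches(NAT_TABLE, host))
```

The second expanded rule, `from !192.168.16.3`, matches every source except that one host, so the list form translates 192.168.16.3 (and anything outside 192.168.0.0/16) while the table form excludes it and stays within the /16.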