From: Larkine
Reply-To: larkine@gmail.com
Date: Fri, 03 Nov 2006 00:11:23 +0100
To: freebsd-pf@freebsd.org
Subject: ftp-proxy or pftpx problem with FreeBSD 6.1

Hello :)

I have a laptop running FreeBSD 6.1 and an ADSL modem to connect to the internet. I would like to set up a personal firewall on my computer and I chose OpenBSD pf. The only network interface is ndis0. The filtering method is quite simple: everything is blocked and only what I need is authorized. However, I have a problem with the FTP protocol. I tried ftp-proxy and pftpx without success :(

### First method with ftp-proxy.
# rc.conf
I added these lines:

    inetd_enable="YES"
    inetd_flags="-wW -c 60 -a 127.0.0.1"

# inetd.conf
I have this line:

    ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy

After a reboot, the sockstat -4 command shows:

    root inetd 583 5 tcp4 127.0.0.1:8021

# pf.conf

    nat-anchor "ftp-proxy/*"
    rdr-anchor "ftp-proxy/*"
    rdr pass on $int_inf proto tcp from any to any port 21 -> 127.0.0.1 port 8021
    anchor "ftp-proxy/*"
    pass out proto tcp from $int_inf to any port 21 keep state

Well, after I used the ftp command the connection works fine, but with the ls command I get this:

    ftp>ls
    229 Entering Extended Passive Mode (|||9576|)
    200 EPRT command successful Consider using EPSV.

and after 40 seconds I get this:

    150 Here comes the directory listing.
    ftp: poll timeout waiting before accept: Operation not permitted
    426 Failure writing network stream.
    225 No transfer to ABOR.
    ftp>

I don't know what happened, but I think the rdr doesn't work. But why? I don't know.

### Second method with pftpx

# rc.conf
I added this line:

    pftpx_enable="YES"

After a reboot, the sockstat -4 command shows:

    proxy pftpx 495 3 tcp4 127.0.0.1:8021 *:*

# pf.conf

    nat-anchor "pftpx/*"
    rdr-anchor "pftpx/*"
    rdr pass on $int_inf proto tcp from any to any port 21 -> 127.0.0.1 port 8021
    anchor "pftpx/*"
    pass out proto tcp from $int_inf to any port 21 keep state

Well, after I used the ftp command the connection works fine, but I have the same problem.

Just one question: why doesn't the rdr work at all on my computer? What happened?

Thank you so much :)