From: "Jeremy C. Reed"
To: Larkine
Cc: freebsd-pf@freebsd.org
Date: Thu, 2 Nov 2006 17:48:50 -0600 (CST)
Subject: Re: ftp-proxy or pftpx problem with FreeBSD 6.1

> ### First method with ftp-proxy.
>
> # rc.conf
>
> I added these lines:
>
> inetd_enable="YES"
> inetd_flags="-wW -c 60 -a 127.0.0.1"
>
> # inetd.conf
>
> I have this line:
>
> ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy
>
> After a reboot and with the sockstat -4 command I have:
>
> root inetd 583 5 tcp4 127.0.0.1:8021
>
> # pf.conf
>
> nat-anchor "ftp-proxy/*"
> rdr-anchor "ftp-proxy/*"
> rdr pass on $int_inf proto tcp from any to any port 21 -> 127.0.0.1 port 8021
>
> anchor "ftp-proxy/*"
> pass out proto tcp from $int_inf to any port 21 keep state

What version of ftp-proxy are you using? The ftp-proxy with FreeBSD 6.x
doesn't use PF anchors.

> Well, after I used the ftp command the connection works fine, but with the
> ls command I have this:
>
> ftp>ls
> 229 Entering Extended Passive Mode (|||9576|)
> 200 EPRT command successful Consider using EPSV.
>
> and after 40 seconds I have this:
> 150 Here comes the directory listing.
> ftp: poll timeout waiting before accept: Operation not permitted
> 426 Failure writing network stream.
> 225 No transfer to ABOR.
> ftp>
>
> I don't know what happened, but I think the rdr doesn't work, but why? I
> don't know.

What is your entire pf.conf?

Have a look at your ftp-proxy manual page. You need to also allow the
connections inbound. The man page has two examples of this and mentions
the -u, -m and -M ftp-proxy options.

As for your pftpx tests, use pfctl to show the rules for your "pftpx"
anchor. Maybe that will tell you something.
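
A small audit of the ruleset quoted above against the points raised in the reply (ftp-proxy anchors, which the FreeBSD 6.x proxy does not use; where port 21 is redirected; whether any inbound TCP pass rule exists), as an added example that is not part of the original message. The `audit` helper and its regexes are hypothetical and only a coarse text heuristic, not a pf parser.

```python
import re

# Constructed sample: the pf.conf lines quoted in the post ($int_inf as written there).
SAMPLE_PF_CONF = '''\
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $int_inf proto tcp from any to any port 21 -> 127.0.0.1 port 8021

anchor "ftp-proxy/*"
pass out proto tcp from $int_inf to any port 21 keep state
'''

# Anchor declarations named after either proxy mentioned in the thread.
ANCHOR_RE = re.compile(r'^(?:nat-|rdr-|binat-)?anchor\s+"?(ftp-proxy|pftpx)\b')
# Redirection of FTP control traffic to a local proxy address and port.
RDR_RE = re.compile(r'^rdr\b.*\bport\s+(?:21|ftp)\s*->\s*(\S+)\s+port\s+(\d+)')
# Any inbound TCP pass rule (heuristic: direction and protocol only).
PASS_IN_TCP_RE = re.compile(
    r'^pass\s+in\b.*\bproto\s+(?:\{[^}]*\btcp\b[^}]*\}|tcp\b)')


def logical_lines(text):
    """Yield rules with comments stripped and backslash continuations joined."""
    pending = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        line = (pending + line).strip()
        pending = ""
        if line:
            yield line


def audit(text):
    """Collect the rules relevant to the reply's points about this ruleset."""
    report = {"anchors": [], "rdr_target": None, "pass_in_tcp": []}
    for rule in logical_lines(text):
        if ANCHOR_RE.match(rule):
            report["anchors"].append(rule)
        m = RDR_RE.match(rule)
        if m:
            report["rdr_target"] = (m.group(1), int(m.group(2)))
        if PASS_IN_TCP_RE.match(rule):
            report["pass_in_tcp"].append(rule)
    return report


if __name__ == "__main__":
    for key, value in audit(SAMPLE_PF_CONF).items():
        print(f"{key}: {value}")
```

On the quoted ruleset this reports three ftp-proxy anchor lines, a redirect to 127.0.0.1 port 8021, and no inbound TCP pass rule, which matches the reply's note that inbound connections also have to be allowed.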