Date: Wed, 24 Nov 2004 22:15:52 +0100 From: Max Laier <max@love2party.net> To: freebsd-current@freebsd.org Cc: "Marcos Biscaysaqu - ThePacific.net" <marcos@thepacific.net> Subject: Re: PF, FTP problems fixed Message-ID: <200411242216.00848.max@love2party.net> In-Reply-To: <41A597C2.7070005@ThePacific.Net> References: <41A597C2.7070005@ThePacific.Net>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart1601960.ZaoofOrBhB Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline [Please fix your systemtime or timezone] On Thursday 25 November 2004 09:28, Marcos Biscaysaqu - ThePacific.net wrot= e: > Hi there. > somebody know how to make this work on freebsd??? > -------------------------------------------------------------------------= =2D- > > Ok, bleeding edge pf people... I wrote a new FTP proxy called "pftpx" and > I'd like to solicit some feedback from the community... > > Why should you try it? What advantages does pftpx offer? > 1) it handles all ftp modes: PORT, PASV, EPRT, EPSV > 2) it handles ipv6 > 3) it should scale: one process handles all sessions using libevent > 4) it works with "strict" ftp clients (clients that want data connections > to the same IP as the control connection) > > > Quick guide: > - you need libevent-0.8 (OpenBSD 3.6 has it) Libevent is in ports (devel/libevent - version 0.9). > - download http://www.sentia.org/downloads/pftpx-0.3.tar.gz > - untar, make > - add this to pf.conf in the nat section: > > nat-anchor "pftpx/*" > rdr-anchor "pftpx/*" That looks not so good. ".../*" anchors are a 3.6 thing, while FreeBSD is=20 en-par with 3.5. From a first look and common sense, I don't think it's a=20 requirement, but you might have to change some code to make it work. > rdr pass on $if proto tcp from any to any port 21 -> 127.0.0.1 port 8021 > > - add this to pf.conf in the rule section: > > anchor "pftpx/*" Same here. > - run the proxy in debug mode: sudo pftpx -d -D7 > - ready to go... > > Sorry, no manpage yet, this is bleeding edge after all. Don't run this in > production if your job depends on it. :-) > > All feedback welcome, also if you want to suggest a better name. :-) I'd be more than happy to see this ported, looks useful! =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart1601960.ZaoofOrBhB Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQBBpPoQXyyEoT62BG0RAqdFAJ9AVAxXiP749U/pKeO36k7FmhBLWgCfZxmp fSMZHil6lZQoVFcj6xS4ycU= =gfIy -----END PGP SIGNATURE----- --nextPart1601960.ZaoofOrBhB--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200411242216.00848.max>