Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 24 Nov 2004 22:15:52 +0100
From:      Max Laier <max@love2party.net>
To:        freebsd-current@freebsd.org
Cc:        "Marcos Biscaysaqu - ThePacific.net" <marcos@thepacific.net>
Subject:   Re: PF, FTP problems fixed
Message-ID:  <200411242216.00848.max@love2party.net>
In-Reply-To: <41A597C2.7070005@ThePacific.Net>
References:  <41A597C2.7070005@ThePacific.Net>

next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart1601960.ZaoofOrBhB
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

[Please fix your systemtime or timezone]

On Thursday 25 November 2004 09:28, Marcos Biscaysaqu - ThePacific.net wrot=
e:
> Hi there.
> somebody know how to make this work on freebsd???
> -------------------------------------------------------------------------=
=2D-
>
> Ok, bleeding edge pf people...  I wrote a new FTP proxy called "pftpx" and
> I'd like to solicit some feedback from the community...
>
> Why should you try it?  What advantages does pftpx offer?
> 1) it handles all ftp modes: PORT, PASV, EPRT, EPSV
> 2) it handles ipv6
> 3) it should scale: one process handles all sessions using libevent
> 4) it works with "strict" ftp clients (clients that want data connections
>    to the same IP as the control connection)
>
>
> Quick guide:
> - you need libevent-0.8 (OpenBSD 3.6 has it)

Libevent is in ports (devel/libevent - version 0.9).

> - download http://www.sentia.org/downloads/pftpx-0.3.tar.gz
> - untar, make
> - add this to pf.conf in the nat section:
>
> nat-anchor "pftpx/*"
> rdr-anchor "pftpx/*"

That looks not so good. ".../*" anchors are a 3.6 thing, while FreeBSD is=20
en-par with 3.5. From a first look and common sense, I don't think it's a=20
requirement, but you might have to change some code to make it work.

> rdr pass on $if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
>
> - add this to pf.conf in the rule section:
>
> anchor "pftpx/*"

Same here.

> - run the proxy in debug mode: sudo pftpx -d -D7
> - ready to go...
>
> Sorry, no manpage yet, this is bleeding edge after all.  Don't run this in
> production if your job depends on it.   :-)
>
> All feedback welcome, also if you want to suggest a better name.   :-)

I'd be more than happy to see this ported, looks useful!

=2D-=20
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

--nextPart1601960.ZaoofOrBhB
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQBBpPoQXyyEoT62BG0RAqdFAJ9AVAxXiP749U/pKeO36k7FmhBLWgCfZxmp
fSMZHil6lZQoVFcj6xS4ycU=
=gfIy
-----END PGP SIGNATURE-----

--nextPart1601960.ZaoofOrBhB--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200411242216.00848.max>