Date: Fri, 12 May 2006 16:06:53 +0300
From: "Huzeyfe Onal" <huzeyfe.onal@gmail.com>
To: "Gilberto Villani Brito" <linux@giboia.org>
Cc: freebsd-pf@freebsd.org
Subject: Re: PF - ftp passive mode.
Message-ID: <ffa9ac690605120606o6cc54570w664d588400fd9eed@mail.gmail.com>
In-Reply-To: <20060512092430.0e3298ea@giboia>
References: <20060512092430.0e3298ea@giboia>

Hi,

you need the following rules++

pass in on em0 proto tcp from any to 192.168.0.2 port 21 keep state
pass in on em0 proto tcp from any to 192.168.0.2 port 49152 >< 65535 keep state

and your FTP server's Passive ports interval must be 49152:65535 ?

On 5/12/06, Gilberto Villani Brito <linux@giboia.org> wrote:
> Hello,
> I have a ftp server in a DMZ and this is not accepting passive connections.
> I tried ipfw + natd and it works.
> I am using these rules:
> # rdr on em0 proto tcp from any to 200.250.23.1 port 21 -> 192.168.0.2 port 21
> # rdr on em0 proto tcp from any to 200.250.23.1 port 49152:65535 -> 192.168.0.2 port 49152:65535
>
> # pass in on em1 from 192.168.0.0/24 to any keep state
> # pass out on em1 from any to 192.168.0.0/24 keep state
>
> http://www.openbsd.org/faq/pf/ftp.html#natserver
>
> What is the problem??? Doesn't PF make NAT for passive FTP??
>
> Gilberto
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>

-- 
Huzeyfe ÖNAL

---
First Turkish Qmail book is out! Go check it.
Have you heard! Turkey's first Qmail book is out.
http://www.acikakademi.com/catalog/qmail/
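
An added example, not part of the original message: pf's port operators differ at the boundaries (`:` includes both ends, `><` excludes both, `<>` matches everything outside the range), so a pass rule may not cover every port an rdr rule forwards. The Python sketch below lists ports that are redirected but not passed; its function names are hypothetical and the sample expressions are constructed from the ranges in this thread.

```python
import re

def port_matcher(expr):
    """Return a predicate for a pf port expression: '21', 'a:b', 'a >< b' or 'a <> b'."""
    m = re.fullmatch(r"\s*(\d+)\s*(:|><|<>)\s*(\d+)\s*", expr)
    if m:
        lo, op, hi = int(m.group(1)), m.group(2), int(m.group(3))
        if op == ":":            # range, boundaries included
            return lambda p: lo <= p <= hi
        if op == "><":           # range, boundaries excluded
            return lambda p: lo < p < hi
        return lambda p: p < lo or p > hi   # "<>": except range
    m = re.fullmatch(r"\s*(\d+)\s*", expr)
    if not m:
        raise ValueError("unsupported port expression: %r" % expr)
    single = int(m.group(1))
    return lambda p: p == single

def uncovered(rdr_expr, pass_expr):
    """Ports matched by the rdr expression but not by the pass expression."""
    redirected, allowed = port_matcher(rdr_expr), port_matcher(pass_expr)
    return [p for p in range(0, 65536) if redirected(p) and not allowed(p)]

def as_ranges(ports):
    """Collapse a sorted port list into (first, last) tuples for readable output."""
    out = []
    for p in ports:
        if out and p == out[-1][1] + 1:
            out[-1] = (out[-1][0], p)
        else:
            out.append((p, p))
    return out

if __name__ == "__main__":
    # Constructed sample: rdr range from the thread against two pass expressions.
    for pass_expr in ("49152:65535", "49152 >< 65535"):
        gaps = as_ranges(uncovered("49152:65535", pass_expr))
        print("pass port %-16s -> redirected but blocked: %s" % (pass_expr, gaps or "none"))
```

Running the same check on the real pf.conf values before loading the ruleset shows whether the FTP server's passive range, the rdr range and the pass range agree.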