From: "Huzeyfe Onal"
To: "Gilberto Villani Brito"
Cc: freebsd-pf@freebsd.org
Date: Fri, 12 May 2006 16:06:53 +0300
Subject: Re: PF - ftp passive mode.
In-Reply-To: <20060512092430.0e3298ea@giboia>

Hi,

you need the following rules++

pass in on em0 proto tcp from any to 192.168.0.2 port 21 keep state
pass in on em0 proto tcp from any to 192.168.0.2 port 49152:65535 keep state

and your FTP server's passive ports interval must be 49152:65535 ?

On 5/12/06, Gilberto Villani Brito wrote:
> Hello,
> I have a ftp server in a DMZ and this is not accepting passive connections.
> I tried ipfw + natd and it works.
> I am using these rules:
> # rdr on em0 proto tcp from any to 200.250.23.1 port 21 -> 192.168.0.2 port 21
> # rdr on em0 proto tcp from any to 200.250.23.1 port 49152:65535 -> 192.168.0.2 port 49152:65535
>
> # pass in on em1 from 192.168.0.0/24 to any keep state
> # pass out on em1 from any to 192.168.0.0/24 keep state
>
> http://www.openbsd.org/faq/pf/ftp.html#natserver
>
> What is the problem??? Doesn't PF make nat for passive ftp??
>
> Gilberto

-- 
Huzeyfe ÖNAL
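
As an added example (not part of the original messages), the Python sketch below models the port operators documented in pf.conf(5), where `:` includes both boundaries, `><` excludes them and `<>` matches outside the range, and reports which ports of a redirected passive range a pass rule's port expression fails to admit. The function names and the sample expressions are constructed for illustration.

```python
import re

MAX_PORT = 65535

def pf_ports(spec):
    """Return the set of ports matched by a pf.conf port expression."""
    spec = spec.strip()
    m = re.fullmatch(r"(\d+)\s*(:|><|<>)\s*(\d+)", spec)
    if m:
        lo, op, hi = int(m.group(1)), m.group(2), int(m.group(3))
        if op == ":":     # range including boundaries
            return set(range(lo, hi + 1))
        if op == "><":    # range excluding boundaries
            return set(range(lo + 1, hi))
        # "<>" except range: everything below lo or above hi
        return set(range(1, lo)) | set(range(hi + 1, MAX_PORT + 1))
    m = re.fullmatch(r"(=|!=|<=|>=|<|>)?\s*(\d+)", spec)
    if not m:
        raise ValueError(f"unsupported port expression: {spec!r}")
    op, n = m.group(1) or "=", int(m.group(2))
    tests = {"=": lambda p: p == n, "!=": lambda p: p != n,
             "<": lambda p: p < n, "<=": lambda p: p <= n,
             ">": lambda p: p > n, ">=": lambda p: p >= n}
    return {p for p in range(1, MAX_PORT + 1) if tests[op](p)}

def uncovered(redirected, allowed):
    """Ports in the rdr range that the pass rule does not admit,
    collapsed into (first, last) runs."""
    missing = sorted(pf_ports(redirected) - pf_ports(allowed))
    runs = []
    for p in missing:
        if runs and p == runs[-1][1] + 1:
            runs[-1][1] = p          # extend the current run
        else:
            runs.append([p, p])      # start a new run
    return [tuple(r) for r in runs]

if __name__ == "__main__":
    # Constructed pass-rule port expressions checked against the rdr range.
    rdr_range = "49152:65535"
    for allowed in ("49152:65535", "49152 >< 65535",
                    "49512 >< 65535", "> 49151"):
        print(f"{allowed!r:18} uncovered: {uncovered(rdr_range, allowed)}")
```

An empty result means every redirected passive port is admitted by the filter rule; any run that is listed is a block of ports where the passive data connection is redirected but then dropped.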