From: "Marcos Biscaysaqu - ThePacific.net"
To: Max Laier, freebsd-current@freebsd.org
Date: Thu, 25 Nov 2004 10:31:24 +0000
Subject: Re: PF, FTP problems fixed

If somebody can port this to FreeBSD it will be great, and it will make PF so far the best firewall.

---------------------------------------------------------------------------

The two most important parts are:
- recursive anchors (appeared in OpenBSD 3.6). Maybe Max knows when those
  went into FreeBSD?
- libevent > 0.8 (from ports/devel/libevent)

Anything else that crops up should be easily fixable.

Max Laier wrote:

>[Please fix your system time or timezone]
>
>On Thursday 25 November 2004 09:28, Marcos Biscaysaqu - ThePacific.net wrote:
>
>>Hi there.
>>Does somebody know how to make this work on FreeBSD?
>>---------------------------------------------------------------------------
>>
>>Ok, bleeding edge pf people... I wrote a new FTP proxy called "pftpx" and
>>I'd like to solicit some feedback from the community...
>>
>>Why should you try it? What advantages does pftpx offer?
>>1) it handles all ftp modes: PORT, PASV, EPRT, EPSV
>>2) it handles ipv6
>>3) it should scale: one process handles all sessions using libevent
>>4) it works with "strict" ftp clients (clients that want data connections
>>   to the same IP as the control connection)
>>
>>Quick guide:
>>- you need libevent-0.8 (OpenBSD 3.6 has it)
>
>Libevent is in ports (devel/libevent - version 0.9).
>
>>- download http://www.sentia.org/downloads/pftpx-0.3.tar.gz
>>- untar, make
>>- add this to pf.conf in the nat section:
>>
>>nat-anchor "pftpx/*"
>>rdr-anchor "pftpx/*"
>
>That does not look so good. ".../*" anchors are a 3.6 thing, while FreeBSD is
>on par with 3.5. From a first look and common sense, I don't think it's a
>requirement, but you might have to change some code to make it work.
>
>>rdr pass on $if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
>>
>>- add this to pf.conf in the rule section:
>>
>>anchor "pftpx/*"
>
>Same here.
>
>>- run the proxy in debug mode: sudo pftpx -d -D7
>>- ready to go...
>>
>>Sorry, no manpage yet, this is bleeding edge after all. Don't run this in
>>production if your job depends on it. :-)
>>
>>All feedback welcome, also if you want to suggest a better name. :-)
>
>I'd be more than happy to see this ported, looks useful!
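
The four data-connection negotiations listed in the quoted announcement (PORT, PASV, EPRT, EPSV), as an added example that is not part of the original thread and is not pftpx code: a C parser for the RFC 959 and RFC 2428 wire forms that a proxy has to read and validate before it can set up the data connection. The struct and function names are hypothetical.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
/* family: 4, 6, or 0 when the line carries only a port (229 EPSV reply). */
struct ftp_endpoint { int family; char host[INET6_ADDRSTRLEN]; int port; };

/* RFC 959 "h1,h2,h3,h4,p1,p2": PORT argument and 227 (PASV) reply. */
static int parse_hostport(const char *s, struct ftp_endpoint *ep) {
    int v[6];
    if (sscanf(s, "%3d,%3d,%3d,%3d,%3d,%3d",
               &v[0], &v[1], &v[2], &v[3], &v[4], &v[5]) != 6) return -1;
    for (int i = 0; i < 6; i++) if (v[i] < 0 || v[i] > 255) return -1;
    ep->family = 4;
    snprintf(ep->host, sizeof ep->host, "%d.%d.%d.%d", v[0], v[1], v[2], v[3]);
    ep->port = v[4] * 256 + v[5];
    return ep->port ? 0 : -1;          /* port 0 is never a valid endpoint */
}

/* RFC 2428 "<d>proto<d>addr<d>port<d>": EPRT argument; the 229 (EPSV)
 * reply uses the same shape with proto and addr left empty. */
static int parse_extended(const char *s, struct ftp_endpoint *ep) {
    const char *a, *b, *c;
    char d = s[0], *end;
    unsigned char bin[16];             /* large enough for an IPv6 address */
    if (d < 33 || d > 126 || !(a = strchr(s + 1, d)) ||
        !(b = strchr(a + 1, d)) || !(c = strchr(b + 1, d))) return -1;
    long port = strtol(b + 1, &end, 10);
    size_t hl = (size_t)(b - a - 1);
    if (b[1] < '0' || b[1] > '9' || end != c || port < 1 || port > 65535 ||
        hl >= sizeof ep->host) return -1;
    snprintf(ep->host, sizeof ep->host, "%.*s", (int)hl, a + 1);
    ep->port = (int)port;
    if (a == s + 1 && hl == 0) { ep->family = 0; return 0; }   /* EPSV reply */
    if (a != s + 2 || (s[1] != '1' && s[1] != '2')) return -1; /* 1=IPv4 2=IPv6 */
    ep->family = s[1] == '1' ? 4 : 6;
    return inet_pton(ep->family == 4 ? AF_INET : AF_INET6, ep->host, bin) == 1 ? 0 : -1;
}

/* 0 and *ep filled for a well-formed PORT/EPRT command or 227/229 reply. */
int ftp_parse_data_line(const char *line, struct ftp_endpoint *ep) {
    const char *p;
    if (!strncasecmp(line, "PORT ", 5)) return parse_hostport(line + 5, ep);
    if (!strncasecmp(line, "EPRT ", 5)) return parse_extended(line + 5, ep);
    if (!strncmp(line, "227 ", 4) && (p = strchr(line, '('))) return parse_hostport(p + 1, ep);
    if (!strncmp(line, "229 ", 4) && (p = strchr(line, '('))) return parse_extended(p + 1, ep);
    return -1;
}
```

A proxy would run this on every control-channel line in both directions and refuse to open a data path for any line that fails to parse.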