Date:      Thu, 16 Sep 2004 03:54:58 -0000
From:      Pyun YongHyeon <yongari@kt-is.co.kr>
To:        pf4freebsd@freelists.org
Subject:   [pf4freebsd] Re: Using authpf
Message-ID:  <20031025065139.GA7332@kt-is.co.kr>
In-Reply-To: <1067009522.3f9945f26f90e@imp1-a.free.fr>
References:  <1067009522.3f9945f26f90e@imp1-a.free.fr>

On Fri, Oct 24, 2003 at 05:32:02PM +0200, novocaine@free.fr wrote:
 > First, I'd like to thank all the contributors of the port of pf to FreeBSD.
 >
 > I am trying to use authpf on -CURRENT, without success so far. I'd like to
 > enable ftp access for user "os" using authpf.
 >
 > In /usr/local/etc/pf.conf, I have :
 > ...
 > set block-policy return
 > set loginterface $ext_if
 > scrub in all
 >
 > nat-anchor authpf
 > rdr-anchor authpf
 > binat-anchor authpf
 >
 > <rules>
 >
 > anchor authpf in on $ext_if
 >
 > I have an empty file /usr/local/etc/authpf/authpf.conf and
 > /usr/local/etc/authpf/users/os/authpf.rules reads
 > $ext_if="tun0"
 > pass in quick on $ext_if proto tcp from $user_ip to any port http
 >
 > I also try to set /usr/local/sbin/authpf as os' shell (as described on
 > authpf(8)) but it doesn't seem to work. I had to add authpf to /etc/shells.
 >
 > Am I doing something wrong?
 >

You should add /usr/local/sbin/authpf to the shell database (/etc/shells)
in order to authenticate via ssh.
You may also want to see logs from authpf. Add the following lines
to your syslog.conf, touch the file, and restart syslogd.

!authpf
*.*						/var/log/authpf

BTW, I authenticated successfully but got the following errors from
authpf (running on -CURRENT).


Oct 25 15:33:39 db authpf[693]: DIOCCOMMITRULES Invalid argument
Oct 25 15:33:39 db authpf[693]: removed 192.168.10.6, user pfuser - duration 1067063619 seconds
Oct 25 15:33:39 db authpf[693]: cannot unlink /var/authpf/192.168.10.6 (Permission denied)

This needs more investigation. I'll check.
Thank you for your report!

 > Thanks,
 >
 >                           - Olivier
 >

-- 
Pyun YongHyeon <http://www.kr.freebsd.org/~yongari>
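
Added example (not part of the original message, and not code from authpf or the pf4freebsd port): a small Python triage over authpf syslog lines like the three quoted above, flagging pf ioctl errors, implausible session durations and failed removal of the session file. The 30-day threshold and the finding names are assumptions made for illustration; the sample log is constructed from the lines in the message.

```python
import re

# Constructed sample: the three authpf log lines quoted in the message above.
SAMPLE_LOG = """\
Oct 25 15:33:39 db authpf[693]: DIOCCOMMITRULES Invalid argument
Oct 25 15:33:39 db authpf[693]: removed 192.168.10.6, user pfuser - duration 1067063619 seconds
Oct 25 15:33:39 db authpf[693]: cannot unlink /var/authpf/192.168.10.6 (Permission denied)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\sauthpf\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
IOCTL_RE = re.compile(r"^(?P<ioctl>DIOC[A-Z]+) (?P<err>.+)$")
REMOVED_RE = re.compile(
    r"^removed (?P<ip>\S+), user (?P<user>\S+) - duration (?P<secs>\d+) seconds$")
UNLINK_RE = re.compile(r"^cannot unlink (?P<path>\S+) \((?P<err>[^)]*)\)$")

# Assumption for this example: no legitimate authpf session lasts over 30 days.
MAX_SESSION_SECS = 30 * 24 * 3600


def triage(log_text, max_secs=MAX_SESSION_SECS):
    """Return (pid, kind, detail) findings for authpf syslog lines."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an authpf line in the expected syslog layout
        pid, msg = int(m["pid"]), m["msg"]
        if (r := IOCTL_RE.match(msg)):
            # A pf ioctl reported an error; the ruleset change may not have applied.
            findings.append((pid, "ioctl_failed", f"{r['ioctl']}: {r['err']}"))
        elif (r := REMOVED_RE.match(msg)):
            secs = int(r["secs"])
            if secs > max_secs:
                # A value this large is in Unix-timestamp range, which suggests
                # the session start time was never recorded (an assumption here).
                findings.append((pid, "bogus_duration", f"{r['user']}@{r['ip']} {secs}s"))
        elif (r := UNLINK_RE.match(msg)):
            # The per-IP session file was not removed at logout.
            findings.append((pid, "unlink_failed", f"{r['path']}: {r['err']}"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```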



