From: Pyun YongHyeon
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: Using authpf
Date: Thu, 16 Sep 2004 03:54:58 -0000
X-Original-Date: Sat, 25 Oct 2003 15:51:39 +0900
Message-ID: <20031025065139.GA7332@kt-is.co.kr>
In-Reply-To: <1067009522.3f9945f26f90e@imp1-a.free.fr>
List-Id: Technical discussion and general questions about packet filter (pf)

On Fri, Oct 24, 2003 at 05:32:02PM +0200, novocaine@free.fr wrote:
> First, I'd like to thank all the contributors of the port of pf to FreeBSD.
>
> I am trying to use authpf on -CURRENT, without success so far. I'd like to
> enable ftp access for user "os" using authpf.
>
> In /usr/local/etc/pf.conf, I have :
> ...
> set block-policy return
> set loginterface $ext_if
> scrub in all
>
> nat-anchor authpf
> rdr-anchor authpf
> binat-anchor authpf
>
>
>
> anchor authpf in on $ext_if
>
> I have an empty file /usr/local/etc/authpf/authpf.conf and
> /usr/local/etc/authpf/users/os/authpf.rules reads
> $ext_if="tun0"
> pass in quick on $ext_if proto tcp from $user_ip to any port http
>
> I also try to set /usr/local/sbin/authpf as os' shell (as described on
> authpf(8)) but it doesn't seem to work. I had to add authpf to /etc/shells.
>
> Am I doing something wrong?
>

You should add /usr/local/sbin/authpf to the shell database (/etc/shells) in
order to authenticate via ssh.
You may also want to see logs from authpf. Add the following lines to
your syslog.conf, touch the file, and restart syslogd.

!authpf
*.*     /var/log/authpf

BTW, I authenticated successfully but got the following errors from
authpf (running on -CURRENT):

Oct 25 15:33:39 db authpf[693]: DIOCCOMMITRULES Invalid argument
Oct 25 15:33:39 db authpf[693]: removed 192.168.10.6, user pfuser - duration 1067063619 seconds
Oct 25 15:33:39 db authpf[693]: cannot unlink /var/authpf/192.168.10.6 (Permission denied)

This needs more investigation. I'll check.
Thank you for your report!

> Thanks,
>
> - Olivier
>

--
Pyun YongHyeon
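
The setup points raised in this thread (authpf listed in /etc/shells and set as the user's login shell, the four authpf anchors in pf.conf, a !authpf block in syslog.conf with its log file created) can be checked in one pass. This is an added example, not part of the original messages; the function names are hypothetical, and the /etc/passwd and /etc/syslog.conf locations are assumptions.

```sh
#!/bin/sh
# Added example: preflight checks for the authpf setup discussed in this thread.
# Every path is taken under a ROOT prefix so the checks can run on copies.
# Usage after sourcing this file:  preflight "" os
AUTHPF_SHELL=/usr/local/sbin/authpf        # path used in the thread

# 0 if authpf is listed as a valid login shell in file $1 (whole-line match).
shell_listed() { grep -qxF "$AUTHPF_SHELL" "$1"; }

# 0 if user $1 has authpf as login shell in passwd file $2 (assumed location).
user_shell_is_authpf() {
    [ "$(awk -F: -v u="$1" '$1 == u { print $7 }' "$2")" = "$AUTHPF_SHELL" ]
}

# Print the anchor kinds pf.conf ($1) lacks for authpf; 0 if none are missing.
missing_anchors() {
    missing=""
    for kind in nat-anchor rdr-anchor binat-anchor anchor; do
        grep -Eq "^[[:space:]]*${kind}[[:space:]]+\"?authpf" "$1" ||
            missing="$missing $kind"
    done
    echo "${missing# }"
    [ -z "$missing" ]
}

# Print the file that syslog.conf ($1) assigns to the "!authpf" program block;
# non-zero if no such block routes to a file.
authpf_logfile() {
    awk '/^#?!/ { inblk = ($0 ~ /^#?!authpf[ \t]*$/); next }
         /^[ \t]*#/ || /^[ \t]*$/ { next }
         inblk && $2 ~ /^\// { print $2; found = 1; exit }
         END { exit !found }' "$1"
}

# Run all checks under ROOT ($1, "" for the live system) for USER ($2).
# Prints one line per problem and returns the number of problems found.
preflight() {
    root=$1 user=$2 bad=0
    shell_listed "$root/etc/shells" ||
        { echo "authpf not in /etc/shells"; bad=$((bad + 1)); }
    user_shell_is_authpf "$user" "$root/etc/passwd" ||
        { echo "$user: login shell is not authpf"; bad=$((bad + 1)); }
    m=$(missing_anchors "$root/usr/local/etc/pf.conf") ||
        { echo "pf.conf lacks: $m"; bad=$((bad + 1)); }
    log=$(authpf_logfile "$root/etc/syslog.conf") && [ -f "$root$log" ] ||
        { echo "no !authpf syslog block, or log file not created"; bad=$((bad + 1)); }
    return "$bad"
}
```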