Date: Tue, 7 Sep 2004 23:52:06 +0200 From: Max Laier <max@love2party.net> To: Divacky Roman <xdivac02@stud.fit.vutbr.cz> Cc: current@freebsd.org Subject: Re: ftp-proxy@pf not working on recent current and/or RELENG_5 Message-ID: <200409072352.13676.max@love2party.net> In-Reply-To: <20040907113838.GA34373@stud.fit.vutbr.cz> References: <20040906132813.GA53245@stud.fit.vutbr.cz> <20040907075758.GA19752@stud.fit.vutbr.cz> <20040907113838.GA34373@stud.fit.vutbr.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
--Boundary-02=_N2iPBHF5KJYHvTL
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
[ Sorry for the late reply, I was in Zuerich for SuCon and didn't anticipat=
e=20
the long(er) time away from mail (certainly my fault, not the organizer's o=
r=20
the like). The conference was great, consider attending next year! ]
to the actual problem: Looks like you missed a serious mergemaster round. A=
t=20
least you do not seem to have a:
ftp-proxy 8021/tcp # FTP proxy
line in your /etc/services
Did you submit any PR?
On Tuesday 07 September 2004 13:38, Divacky Roman wrote:
> by setting debug level to -D3 I am getting this in /var/log/messages
> Sep 7 13:28:50 queeg500 ftp-proxy[845]: getsockname() failed (Socket
> operation on non-socket)
>
> so something is obviously wrong...
>
> pls take a look at it - I consider it a serious bug
>
> On Tue, Sep 07, 2004 at 09:57:58AM +0200, Divacky Roman wrote:
> > seems like inetd doesnt even try to run ftp-proxy
> >
> > ie. when I issue ftp on nated machine and see what inetd is doing it in=
S
> > state (ie. sleeping for more than 20 seconds)
> >
> > On Mon, Sep 06, 2004 at 03:28:13PM +0200, Divacky Roman wrote:
> > > Hi,
> > >
> > > with this pf.conf and PROPERLY set up inetd I am not able to use
> > > ftp-proxy... it simply doesnt work and I am pretty sure it worked
> > > before. I see this on RELENG_5 and on -CURRENT too... If I am doing
> > > anything wrong pls tell me
> > >
> > > pf.conf:
> > >
> > > ext_if=3D"vr0"
> > > int_if=3D"xl0"
> > >
> > > #normalize packets
> > > scrub in all
> > >
> > > altq on $ext_if bandwidth 256Kb cbq queue {ssh_i web other}
> > > queue ssh_i bandwidth 25% cbq(borrow ecn)
> > > queue web bandwidth 25% cbq(borrow ecn)
> > > queue other bandwidth 50% cbq(borrow default ecn)
> > >
> > > #ftp redirection
> > > rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 80=
21
> > > #nat
> > > nat on $ext_if from $int_if:network to any -> ($ext_if)
> > >
> > > #rules
> > > #default to block all
> > > block in on $ext_if all
> > > #pass all out while keeping state. and queue it
> > > pass out on $ext_if from any to any keep state queue other
> > > #queuing
> > > pass on $ext_if proto tcp from any to any port ssh keep state
> > > queue(ssh_i, other) pass out on $ext_if proto tcp from any to any port
> > > http keep state queue web #ftp proxy
> > > pass in on $ext_if inet proto tcp from any to $ext_if user proxy keep
> > > state queue other #allow icmp
> > > pass in on $ext_if inet proto icmp from any to any
=2D-=20
/"\ Best regards, | mlaier@freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier@EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
--Boundary-02=_N2iPBHF5KJYHvTL
Content-Type: application/pgp-signature
Content-Description: signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (FreeBSD)
iD8DBQBBPi2NXyyEoT62BG0RAvtNAJ9ToKbpmm4QE2ZM/r00etdw1Zgl8QCdGnoe
XVCDSueDcCyHDolNgnL707E=
=082d
-----END PGP SIGNATURE-----
--Boundary-02=_N2iPBHF5KJYHvTL--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200409072352.13676.max>