Date: Tue, 15 Nov 2005 15:10:31 -0800
From: Steven Schoch <schoch-freebsd.org@starnet.com>
To: freebsd-pf@freebsd.org
Subject: Problem with ftp-proxy
Message-ID: <6650332b0511151510x4b80684er3032af22182f4480@mail.gmail.com>

I can't get ftp-proxy to work for a non-passive FTP. Here's how I have it set up:

in /etc/pf.conf:

    # rdr outgoing FTP requests to the ftp-proxy
    rdr on $int_if proto tcp from any to !($ext_if) port ftp -> 127.0.0.1 port = 8021

I put ftp-proxy in debug mode with this line in /etc/inetd.conf:

    ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -u proxy -m 55000 -M 57000 -D 3

When I connect from an internal machine, ftp proxy logs lots of info to /var/log/debug.log. Something is getting in the way, however. I run ftp from a Windows XP machine on 102.168.1.104:

    ftp> debug
    ftp> open ftp.starnet.com
    Connected to starnet.com.
    220 starnet.com NcFTPd Server (licensed copy) ready.
    User (starnet.com:(none)): ftp
    ---> USER ftp
    331 Guest login ok, send your complete e-mail address as password.
    Password:
    ---> PASS @starnet.com
    230-You are user #1 of 32 simultaneous users allowed.
    230-
    230 Logged in anonymously.
    ftp> ls
    ---> PORT 192,168,1,104,17,233
    200 PORT command successful.
    ---> NLST

And then, nothing. Calculating 17 * 256 + 233 = 4585, and yes, my Windows machine is actually listening on that port:

    C:\>netstat -a

    Active Connections

      Proto  Local Address          Foreign Address        State
      TCP    steven:4585            steven:0               LISTENING

However, when I examine the debug.log file on the gateway, it has this:

    Nov 15 14:51:36 freebsd ftp-proxy[24862]: client line buffer is "PORT 192,168,1,104,19,137^M "
    Nov 15 14:51:36 freebsd ftp-proxy[24862]: Got a PORT command
    Nov 15 14:51:36 freebsd ftp-proxy[24862]: client wants us to use 192.168.1.104:5001

Where did this translation take place? I looked at the source for ftp-proxy and it seems to log the "client line buffer" as it reads it from the client. I verified that there is only one copy of ftp-proxy running, so what did this translation? Ftp-proxy attempts to connect to port 5001 instead of 4585, which of course fails.

--
Steve
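
A check of the two captures quoted in the message above, as an added example that is not part of the original post: it decodes the PORT argument the client printed and the one ftp-proxy logged, and tests whether the proxy's "client wants us to use" line matches its own line buffer. The function names are hypothetical, and the sample strings are constructed from the lines in the message.

```python
import re

# Constructed sample input: the client-side debug line and the ftp-proxy
# debug.log lines quoted in the message above.
CLIENT_DEBUG = "---> PORT 192,168,1,104,17,233"
PROXY_LOG = '''\
Nov 15 14:51:36 freebsd ftp-proxy[24862]: client line buffer is "PORT 192,168,1,104,19,137^M "
Nov 15 14:51:36 freebsd ftp-proxy[24862]: Got a PORT command
Nov 15 14:51:36 freebsd ftp-proxy[24862]: client wants us to use 192.168.1.104:5001
'''

PORT_RE = re.compile(r"PORT (\d{1,3}(?:,\d{1,3}){5})")
WANTS_RE = re.compile(r"client wants us to use (\d+(?:\.\d+){3}):(\d+)")


def decode_port(text):
    """Return (ip, port) from the first PORT h1,h2,h3,h4,p1,p2 in text, or None."""
    m = PORT_RE.search(text)
    if not m:
        return None
    fields = [int(f) for f in m.group(1).split(",")]
    if any(f > 255 for f in fields):
        raise ValueError("PORT field out of range: %r" % m.group(1))
    # The last two fields are the high and low byte of the TCP port.
    return ".".join(map(str, fields[:4])), fields[4] * 256 + fields[5]


def compare(client_debug, proxy_log):
    """Compare what the client printed with what the proxy read and decoded."""
    sent = decode_port(client_debug)
    read = decoded = None
    for line in proxy_log.splitlines():
        if "client line buffer is" in line:
            read = decode_port(line) or read
        m = WANTS_RE.search(line)
        if m:
            decoded = (m.group(1), int(m.group(2)))
    return {
        "client_sent": sent,
        "proxy_read": read,
        "proxy_decoded": decoded,
        "proxy_decode_ok": read is not None and read == decoded,
        "same_as_client": sent is not None and sent == read,
    }


if __name__ == "__main__":
    for key, value in compare(CLIENT_DEBUG, PROXY_LOG).items():
        print(key, value)
```

On this data the proxy's decode agrees with the line it read (19 * 256 + 137 = 5001), so the two captures differ in the PORT argument itself, not in how ftp-proxy decoded it.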