From: Matthew Grooms
Organization: Seton Healthcare Network
To: freebsd-pf@freebsd.org
Date: Wed, 18 May 2005 10:01:02 -0500
Message-ID: <428B58AE.9000807@seton.org>
Subject: ftp-proxy question

I am having problems passing passive ftp traffic via ftp-proxy. Active connections work fine. I tried using the -n flag, but the control connection doesn't translate the server address so the client attempts to make the control channel connection itself. Unfortunately I can't open up blanket access outbound for whatever random port the ftp server chooses. Does ftp-proxy only handle active connections???

Here are the rules from pf.conf ...

    rdr on $if_int proto tcp from any to any port 21 -> lo0 port 8021
    pass in quick log on $if_int proto tcp from any to lo0 port 8021 keep state
    pass in quick log on $if_ext proto tcp from any to $if_ext port > 49152 keep state

And here is my entry in inetd.conf ....

    ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -V -D 3

BTW: I haven't seen a single entry in /var/log/messages even with the -D and -V options specified. Did I not specify this correctly or is ftp-proxy just broken in this regard?

Thanks in advance,

-Matthew