Date:      Thu, 6 Mar 2008 15:57:39 +0200
From:      "Andrey A. Belashkov" <virus@virus.org.ua>
To:        freebsd-pf@freebsd.org
Cc:        mlaier@freebsd.org, pf@benzedrine.cx
Subject:   pf + ftp troubles.
Message-ID:  <20080306135739.GD79846@web3.hostdad.com>

Hello.
I need to set up non-standard NAT rules with pf for FTP.
All outgoing FTP connections must be NATed behind the 172.16.5.10 address
assigned by mpd to ng0.

I set up mpd, the interface is up, and if I use 172.16.5.10 as the source
address for ftp, all is fine. But the ftp functions in PHP can't choose a
source address, so I need to use NAT.

When I set up pf with these rules:
set optimization normal
set block-policy return
scrub in all
nat on em0 from any to any port { 20 21 } -> 172.16.5.10
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on ng0 proto tcp from any to any port 21 -> 127.0.0.1 port 8021
anchor "ftp-proxy/*"
pass out quick on em0 route-to { (ng0 172.16.5.1) } from 172.16.5.10 to any keep state
pass in all
pass out all

and start ftp-proxy with the options "-a 172.16.5.10 -r -vv -m 500" and try to
connect to any ftp server, the server responds and shows me its login prompt.
But when I try to list files over ftp, the client can't set up a data connection,
in both passive and active modes.

How can I fix this problem?

OS: FreeBSD 7.0-RELEASE

Thanks,
Andrey.


