Date:      Wed, 18 May 2005 23:55:03 +0800
From:      Fai <fai@g2019.net>
To:        Matthew Grooms <mgrooms@seton.org>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: ftp-proxy question
Message-ID:  <ACA9C73C-55C9-4567-890E-8D912CA34DAC@g2019.net>
In-Reply-To: <428B58AE.9000807@seton.org>
References:  <428B58AE.9000807@seton.org>

My setup follows this site (mine is FreeBSD 5.3 + pf):
http://www.aei.ca/~pmatulis/pub/obsd_ftp.html

it seems that some option of the ftp-proxy is wrong
> ftp-proxy       stream  tcp     nowait  root    /usr/libexec/ftp-proxy ftp-proxy -V -D 3

should be
ftp-proxy       stream  tcp     nowait  root    /usr/libexec/ftp-proxy ftp-proxy -u proxy -m lowport -M highport -t timeout
e.g.
ftp-proxy       stream  tcp     nowait  root    /usr/libexec/ftp-proxy ftp-proxy -u proxy -m 20000 -M 22000 -t 180

and a fw rule:
pass in on $if_ext inet proto tcp from any port = ftp-data to 202.134.126.226 port 20000 >< 22000 user = 62 flags S/SA keep state


Hope the information helps.

cheers,
Fai

On 18 May 2005, at 11:01 PM, Matthew Grooms wrote:

> I am having problems passing passive ftp traffic via ftp-proxy.
> Active connections work fine. I tried using the -n flag; the control
> connection doesn't translate the server address so the client
> attempts to make the control channel connection itself.
> Unfortunately I can't open up blanket access outbound for whatever
> random port the ftp server chooses. Does ftp-proxy only handle
> active connections???
>
> Here are the rules from pf.conf ...
>
> rdr on $if_int proto tcp from any to any port 21 -> lo0 port 8021
> pass in quick log on $if_int proto tcp from any to lo0 port 8021 keep state
> pass in quick log on $if_ext proto tcp from any to $if_ext port > 49152 keep state
>
> And here is my entry in inetd.conf ....
>
> ftp-proxy       stream  tcp     nowait  root    /usr/libexec/ftp-proxy ftp-proxy -V -D 3
>
> BTW: I haven't seen a single entry in /var/log/messages even with
> the -D and -V options specified. Did I not specify this correctly
> or is ftp-proxy just broke in this regard?
>
> Thanks in advance,
> -Matthew
>
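
An added example, not part of the original message and not code from ftp-proxy or pf: a check that the data-port range handed to ftp-proxy with -m/-M is fully covered by the matching pf pass rule. It assumes -m and -M are inclusive bounds; in pf, the `><` operator excludes both endpoints while `:` includes them. The sample lines are constructed from the ones in the message.

```python
import re
import shlex

# Constructed sample input, modelled on the two lines in the message above.
INETD_LINE = ("ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy "
              "ftp-proxy -u proxy -m 20000 -M 22000 -t 180")
PF_RULE = ("pass in on $if_ext inet proto tcp from any port = ftp-data to "
           "202.134.126.226 port 20000 >< 22000 user = 62 flags S/SA keep state")


def proxy_port_range(inetd_line):
    """Return (min, max) from the -m/-M flags of an inetd ftp-proxy entry."""
    args = shlex.split(inetd_line)
    try:
        return int(args[args.index("-m") + 1]), int(args[args.index("-M") + 1])
    except (ValueError, IndexError):
        # Also catches run-together flags such as "-m 20000-M 22000".
        raise ValueError("entry needs '-m <port>' and '-M <port>'") from None


def rule_port_range(pf_rule):
    """Return the inclusive (low, high) destination ports a pf rule matches."""
    m = re.search(r"\bto\s+\S+\s+port\s+(.+?)(?=\s+(?:user|group|flags|keep)\b|$)",
                  pf_rule)
    if not m:
        raise ValueError("no destination port expression found")
    expr = m.group(1).strip()
    if r := re.fullmatch(r"(\d+)\s*><\s*(\d+)", expr):  # range, endpoints excluded
        return int(r[1]) + 1, int(r[2]) - 1
    if r := re.fullmatch(r"(\d+):(\d+)", expr):         # range, endpoints included
        return int(r[1]), int(r[2])
    if r := re.fullmatch(r">(=?)\s*(\d+)", expr):       # open-ended upper range
        return int(r[2]) + (0 if r[1] else 1), 65535
    raise ValueError(f"unsupported port expression: {expr!r}")


def uncovered_ports(inetd_line, pf_rule):
    """Ports the proxy may use (assumed inclusive) that the rule does not pass."""
    lo, hi = proxy_port_range(inetd_line)
    rlo, rhi = rule_port_range(pf_rule)
    return [p for p in range(lo, hi + 1) if not rlo <= p <= rhi]


if __name__ == "__main__":
    print("proxy range:", proxy_port_range(INETD_LINE))
    print("rule passes:", rule_port_range(PF_RULE))
    print("not covered:", uncovered_ports(INETD_LINE, PF_RULE))
```

An empty list from `uncovered_ports` means every port the proxy may pick is passed by the rule; a narrow, fully covered range is what lets the external interface stay closed to the blanket high-port rule.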


