Date: Sat, 4 Oct 2008 12:24:09 +0200
From: "Redd Vinylene"
To: "Max Laier"
Cc: jail@freebsd.org, questions@freebsd.org, pf@freebsd.org
Subject: Re: Jail, pf and ftpd: Connection refused
In-Reply-To: <200810031156.07623.max@love2party.net>
List-Id: "Technical discussion and general questions about packet filter \(pf\)"

On Fri, Oct 3, 2008 at 11:56 AM, Max Laier wrote:
>
> See ftp-proxy(8).
>
> Note that active works with the ruleset you provided (due to the "pass out
> keep state"-rule), but there is obviously a firewall problem on the client
> preventing that.
>

Are you sure I need ftp-proxy? I opened the datarange 49152:65535 and
now I no longer get a connection refused. I seem to be able to list,
download, you know the usual stuff. I still get the
"getpeername(control_sock): Transport endpoint is not connected"
though.

If I do need ftp-proxy, I take it it's the "FTP Server Protected by an
External PF Firewall Running NAT" at
http://www.openbsd.org/faq/pf/ftp.html that applies to my setup? I
can't quite comprehend the nat/rdr rules in that example, as I ain't
really got an int_if.

As I stated earlier, I have a FreeBSD server running pf and two jails,
and I'm trying to get ftpd running smoothly inside one of those jails.

Thank you so much.

-- 
http://www.home.no/reddvinylene