Date:      Sun, 27 Jan 2008 11:31:21 -1000
From:      NetOpsCenter <noc@hdk5.net>
To:        Matthias Kellermann <matthias@adminlife.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Outgoing FTP connections with pf and ftp-proxy
Message-ID:  <479CF829.1010705@hdk5.net>
In-Reply-To: <479CD201.7050000@adminlife.net>
References:  <479CD201.7050000@adminlife.net>

Matthias Kellermann wrote:
> Hi list,
>
> I'm trying to get outgoing FTP sessions to work with pf and
> ftp/ftp-proxy in a NAT environment.
>
> My simple config on a test machine looks like this:
> ------------------------------------------------------------------
> int_if = "rl0"
> localnet = "192.168.0.0/24"
> tcp_services = "{ ssh, domain, www, https, ftp }"
> udp_services = "{ domain }"
>
> nat on $int_if from $localnet to any -> ($int_if)
>
> rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
>
> block all
>
> pass from $localnet to any keep state
> pass proto udp to any port $udp_services keep state
>
> pass out proto tcp to any port $tcp_services keep state
>
> pass in proto tcp from any to any user proxy keep state
> pass in proto tcp from any to any port ssh keep state
> ------------------------------------------------------------------
>
> FTP login works fine. But if I want to do a "ls" on the FTP server I get
> the following error on the client (no matter if NAT client or gateway):
>
> 425 Failed to establish connection.
>
> Any idea what's wrong with my setup?
>
> Thanks,
> Matthias
>
>
>   
Aloha Matthias,

I am having the same ftp problem on servers that are on an ATM 5 IP
circuit. There is no NAT involved with one of these. The outbound FTP
goes out but I can't get the files to list when I go inbound from
outside on a recognized IP.
SSH on the same box works fine.
It would make my day to get this working.

 ~Al Plant - Honolulu, Hawaii -  Phone:  808-284-2740
  + http://hawaiidakine.com + http://freebsdinfo.org + noc@hdk5.net +
  + http://aloha50.net   - Supporting - FreeBSD 6.* - 7.* +
"All that's really worth doing is what we do for others." - Lewis Carroll




