Date: Mon, 20 Jun 2005 18:40:43 +0200
From: "Axel S. Gruner" <liste@encephalon.de>
To: Andy Hilker <ah@crypta.net>
Cc: freebsd-pf@freebsd.org
Subject: Re: PF and ftp-proxy
Message-ID: <42AC52F5-569E-47FD-8B2C-45FEF0B25C70@encephalon.de>
In-Reply-To: <20050619165423.GC32104@mail.crypta.net>
References: <9B7F1DC1-E8D1-4887-A0C9-A1F74269258B@encephalon.de> <20050619165423.GC32104@mail.crypta.net>

Hi,

On 19.06.2005 at 18:54, Andy Hilker wrote:

> /etc/inetd.conf
> -----------------
> ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -u proxy -m 55000 -M 57000 -t 180
>
>
> /etc/rc.conf
> --------------
> inetd_enable="YES"
>
>
> pf.conf, parts of ftp section
> ------------------------------
> # default deny
> block all
>
> # local loopback traffic
> pass quick on lo0 all
>
> # redirect ftp to local proxy
> rdr on $intern_if proto tcp from $intern_net to any port 21 -> 127.0.0.1 port 8021
>
>
> # ftp for all
> pass log quick proto tcp from <protected_lans> to 127.0.0.1 port 8021 keep state
> block in log quick proto tcp from !<protected_lans> to 127.0.0.1 port 8021
> pass out log quick proto tcp from <host_firewall> to <protected_lans> port > 1023 keep state
>
> # Allow remote FTP servers (on data port 20) to respond to the proxy's
> # active ftp
> # to internet
> pass in log quick on $extern_if proto tcp from any port 20 to $extern_if port 55000 >< 57000 flags S/SA keep state
> pass out log quick on $extern_if proto tcp from $extern_if to any port {20,21} flags S/AUPRFS modulate state
> pass out log quick on $extern_if proto tcp from $extern_if port 55000 >< 57000 to any flags S/SAFR keep state

Thanks for your quick reply.
I tried your configuration, and, know what? It works perfectly for me.

Thanks a lot.

asg
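
Added example (not part of the original message or of either poster's configuration): a small check that the data-port range handed to ftp-proxy with -m/-M is fully matched by the pf rule that admits active-mode data connections from port 20. It assumes the -m/-M bounds are inclusive; in pf.conf the `><` operator excludes its boundaries and `:` includes them. The function names are hypothetical and the sample lines are copied from the quoted configuration.

```python
import re

# Constructed sample input: two lines copied from the quoted configuration.
INETD_LINE = ("ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy "
              "ftp-proxy -u proxy -m 55000 -M 57000 -t 180")
PF_RULE = ("pass in log quick on $extern_if proto tcp from any port 20 "
           "to $extern_if port 55000 >< 57000 flags S/SA keep state")


def proxy_port_range(inetd_line):
    """Return (min, max) from ftp-proxy's -m/-M flags (assumed inclusive)."""
    args = inetd_line.split()
    return int(args[args.index("-m") + 1]), int(args[args.index("-M") + 1])


def pf_dest_ports(rule):
    """Return the destination ports matched by 'to ... port A <op> B'."""
    m = re.search(r"\bto\b.*?\bport\s+(\d+)\s*(><|<>|:)\s*(\d+)", rule)
    if m is None:
        raise ValueError("no destination port range found in rule")
    a, op, b = int(m.group(1)), m.group(2), int(m.group(3))
    if op == ":":                      # range including boundaries
        return set(range(a, b + 1))
    if op == "><":                     # range excluding boundaries
        return set(range(a + 1, b))
    # "<>": except range, i.e. below the first or above the second port
    return set(range(0, a)) | set(range(b + 1, 65536))


def uncovered_ports(inetd_line, rule):
    """Proxy ports that the pf rule does not match, in ascending order."""
    lo, hi = proxy_port_range(inetd_line)
    allowed = pf_dest_ports(rule)
    return [p for p in range(lo, hi + 1) if p not in allowed]


if __name__ == "__main__":
    print("proxy range:", proxy_port_range(INETD_LINE))
    print("not matched by rule as written:",
          uncovered_ports(INETD_LINE, PF_RULE))
    print("not matched with ':' operator:",
          uncovered_ports(INETD_LINE, PF_RULE.replace("><", ":")))
```

With `block all` as the default, a data connection that the proxy binds to either boundary port would be dropped by the rule as written; the same rule with `55000:57000` matches the whole range.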