Date: Mon, 20 Jun 2005 18:40:43 +0200
From: "Axel S. Gruner" <liste@encephalon.de>
To: Andy Hilker <ah@crypta.net>
Cc: freebsd-pf@freebsd.org
Subject: Re: PF and ftp-proxy
Message-ID: <42AC52F5-569E-47FD-8B2C-45FEF0B25C70@encephalon.de>
In-Reply-To: <20050619165423.GC32104@mail.crypta.net>
References: <9B7F1DC1-E8D1-4887-A0C9-A1F74269258B@encephalon.de> <20050619165423.GC32104@mail.crypta.net>

Hi,
On 19.06.2005 at 18:54, Andy Hilker wrote:
> /etc/inetd.conf
> -----------------
> ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -u proxy -m 55000 -M 57000 -t 180
>
>
> /etc/rc.conf
> --------------
> inetd_enable="YES"
>
>
> pf.conf, parts of ftp section
> ------------------------------
> # default deny
> block all
>
> # local loopback traffic
> pass quick on lo0 all
>
> # redirect ftp to local proxy
> rdr on $intern_if proto tcp from $intern_net to any port 21 -> 127.0.0.1 port 8021
>
>
> # ftp for all
> pass log quick proto tcp from <protected_lans> to 127.0.0.1 port 8021 keep state
> block in log quick proto tcp from !<protected_lans> to 127.0.0.1 port 8021
> pass out log quick proto tcp from <host_firewall> to <protected_lans> port > 1023 keep state
>
> # Allow remote FTP servers (on data port 20) to respond to the proxy's
> # active ftp
> # to internet
> pass in log quick on $extern_if proto tcp from any port 20 to $extern_if port 55000 >< 57000 flags S/SA keep state
> pass out log quick on $extern_if proto tcp from $extern_if to any port {20,21} flags S/AUPRFS modulate state
> pass out log quick on $extern_if proto tcp from $extern_if port 55000 >< 57000 to any flags S/SAFR keep state
>
Thanks for your quick reply.
I tried your configuration, and, know what? It works perfectly for me.
Thanks a lot.
asg
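
An added check, not part of the original message or of pf itself: it compares the data-port range handed to ftp-proxy with `-m`/`-M` against the range the filter rules match, using pf's documented port operators (`:` includes the boundaries, `><` excludes them, `<>` matches everything outside the range). It assumes ftp-proxy may use both bound ports; the function names are hypothetical and the input lines are copied from the quoted configuration.

```python
import re

# Constructed sample input: the lines are copied from the configuration quoted above.
INETD_LINE = ("ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy "
              "ftp-proxy -u proxy -m 55000 -M 57000 -t 180")
PF_RULES = [
    "pass in log quick on $extern_if proto tcp from any port 20 "
    "to $extern_if port 55000 >< 57000 flags S/SA keep state",
    "pass out log quick on $extern_if proto tcp from $extern_if "
    "port 55000 >< 57000 to any flags S/SAFR keep state",
]

def proxy_ports(inetd_line):
    """Ports ftp-proxy may use for data connections, from its -m/-M flags."""
    lo = int(re.search(r"\s-m\s+(\d+)", inetd_line).group(1))
    hi = int(re.search(r"\s-M\s+(\d+)", inetd_line).group(1))
    return set(range(lo, hi + 1))  # assumption: both bounds are usable

def rule_ports(rule):
    """Ports matched by the first binary port operator in a pf rule, or None."""
    m = re.search(r"port\s+(\d+)\s*(><|<>|:)\s*(\d+)", rule)
    if m is None:
        return None
    a, op, b = int(m.group(1)), m.group(2), int(m.group(3))
    if op == ":":                      # range including boundaries
        return set(range(a, b + 1))
    if op == "><":                     # range excluding boundaries
        return set(range(a + 1, b))
    return set(range(0, a)) | set(range(b + 1, 65536))  # "<>": except range

def compare(inetd_line, rule):
    """Report proxy ports the rule does not match and extra ports it does match."""
    proxy, matched = proxy_ports(inetd_line), rule_ports(rule)
    if matched is None:
        raise ValueError("rule has no binary port range")
    return {"unmatched": sorted(proxy - matched), "extra": len(matched - proxy)}

def report():
    """Run the comparison for every sample rule."""
    return [compare(INETD_LINE, rule) for rule in PF_RULES]

if __name__ == "__main__":
    for rule, result in zip(PF_RULES, report()):
        print(result, "<-", rule)
```

A non-empty `unmatched` list means the proxy can pick a port that falls through to the default `block all`; a non-zero `extra` count means the rule opens ports the proxy never uses.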
