Date: Tue, 28 Mar 2006 20:39:11 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Peter <petermatulis@yahoo.ca> Cc: Renato Botelho <rbgarga@gmail.com>, freebsd-stable@freebsd.org Subject: Re: Problems with pf + ftp-proxy on gateway Message-ID: <442990DF.1040300@infracaninophile.co.uk> In-Reply-To: <20060328190609.28643.qmail@web60013.mail.yahoo.com> References: <20060328190609.28643.qmail@web60013.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig7851B6B7248D425390898EAF Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: quoted-printable Peter wrote: > --- Renato Botelho <rbgarga@gmail.com> wrote: >=20 >> I'm trying to use pf + ftp-proxy n a 6.1-PRERELEASE machine. >> >> I have this line on inetd.conf: >> >> ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy >> >> ftp-proxy -n >> >> And this lines on pf.conf: >> >> rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port >> ftp-proxy >> pass in quick on $ext_if inet proto tcp from any port ftp-data to >> $ext_if:0 user proxy flags S/SA keep state >> >> When one machine inside my network (e.g. 192.168.x.x) connects to an >> external ftp server (e.g. ftp.FreeBSD.org), data connection doesn't >> work. >> >> Connection comes to my firewall and is accepted but connection is not >> established and stay like this here: >> >> self tcp 200.x.x.x:57625 <- 200.x.x.x:20 ESTABLISHED:FIN_WAIT_2 >=20 > You need to decide whether you are working with passive ftp clients > (probably), active, or both. Or use the ftp/pftpx port, which handles proxying all types of active and= passive FTP. That's the successor to ftp-proxy(8) due to be released shortly as part of OpenBSD 3.9, and documented at: http://www.openbsd.org/cgi-bin/man.cgi?query=3Dftp-proxy&apropos=3D0&sekt= ion=3D0&manpath=3DOpenBSD+Current&arch=3Di386&format=3Dhtml Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW --------------enig7851B6B7248D425390898EAF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEKZDl8Mjk52CukIwRA0X5AJ9Sa1jjsactdUkFs5G3IOiRvFqJiQCdHdl1 XIXf9AOgfwrUELcuh0pCNLM= =ZUtN -----END PGP SIGNATURE----- --------------enig7851B6B7248D425390898EAF--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?442990DF.1040300>