Date: Thu, 31 Jul 2014 11:07:42 -0400
From: mfv
To: freebsd-questions@freebsd.org
Subject: pf / firewall with ftp-proxy

On 30 Jul 2014 21:17:34 +0200
peter@bsdly.net (Peter N. M. Hansteen) wrote:

> Da Rock writes:
>
> > Jumping in to this little fray... you're exactly right. But the
> > handbook for pf says to go to openbsd for "better" info on how to
> > set up pf, which then has instructions using a syntax that doesn't
> > exist on FreeBSD. This is not just about google searches - although
> > users end up going there because of the syntax issues.
>
> That was the case for a long time, but fortunately if you take a peek
> at
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html
> now, it has a lot more text than it used to (based on my pf tutorial,
> but extensively massaged by others) and an explicit warning on top
> about the syntax differences.
>
> - Peter

Hello Peter,

Thanks for your comment and explanation of pf in the handbook. I also
bought your book some years ago and found it to be very useful.

However, I still have problems with ftp-proxy. From the handbook
example I understand that it is _NOT_ possible to set it up on a client
with only an external interface, though I'm not certain of this.

My system is very simple:

    Host <--> Linksys Router <--> Modem <--> Internet

Is it possible to set up pf on the host as an ftp client without
opening up all the ports above 1024? If so, how?

With thanks

Marek