Date: Thu, 23 Dec 2004 07:05:26 +0100 From: Jeremie Le Hen <jeremie@le-hen.org> To: Didier Wiroth <didier.wiroth@mcesr.etat.lu> Cc: freebsd-pf@freebsd.org Subject: Re: pfS ftp-proxy binding to 127.0.0.1 Message-ID: <20041223060526.GH675@obiwan.tataz.chchile.org> In-Reply-To: <8e3f9722ef1.41c8e20b@etat.lu> References: <8e3f9722ef1.41c8e20b@etat.lu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Dec 22, 2004 at 02:55:07AM +0100, Didier Wiroth wrote: > HI, > I'm still trying openbsd and freebsd. > > I'm setting a pppoe router , using pf and ftp-proxy. > On openbsd you can bind ftp-proxy to the localhost address, openbsd's > ftp-proxy only listens to 127.0.0.1 like this: > 127.0.0.1:8021 > > On freebsd it listens on all ip addresses, here is the result of sockstat: > root inetd 750 4 tcp4 *:8021 *:* > > I do understand that I can explicitly add a pf rule to deny or allow > access to the proxy but to enforce security is it possible to bind > ftp-proxy so that it only listens to the localhost. This may be a bit off-topic, but you may want to have a look at a new FTP proxy for pf(4): pftpx http://marc.theaimsgroup.com/?l=openbsd-misc&m=110129991118018&w=2 Regards, -- Jeremie Le Hen jeremie@le-hen.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041223060526.GH675>