Date: Fri, 3 Oct 2008 11:11:57 +0200
From: "Redd Vinylene" <reddvinylene@gmail.com>
To: questions@freebsd.org, jail@freebsd.org, pf@freebsd.org
Subject: Jail, pf and ftpd: Connection refused
Message-ID: <f1019d520810030211u29325345r2e389718ba987892@mail.gmail.com>

Greetings ladies and gentlemen!
Why does the below pf.conf (run from box1) give me
"getpeername(control_sock): Transport endpoint is not connected,
Socket error (Connection refused) - reconnecting" when trying to log
onto box3 via passive FTP? Active FTP gives me "425 Can't build data
connection: Connection refused." (box2 and box3 are jails running off
box1)
-
root@box1# cat /etc/pf.conf
box1 = "80.203.2.2"
box2 = "80.203.2.3"
box3 = "{ 80.203.2.4 [...] 80.203.2.127 }"
ext_if = "rl0"
set block-policy return
set skip on { lo0 }
scrub in
pass out keep state
block in
pass in on $ext_if inet proto tcp from any to any port { 22 } keep state
pass in on $ext_if inet proto tcp from any to $box2 port { 25, 53, 80, 110 } keep state
pass in on $ext_if inet proto udp from any to $box2 port 53 keep state
pass in on $ext_if inet proto tcp from any to $box3 port { 20, 21, 113 } keep state
pass in on $ext_if inet proto icmp from any to any keep state
-
root@box3# cat /etc/inetd.conf
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
-
I hope I've been verbose enough. Thank you!
-- 
http://www.home.no/reddvinylene
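
Added example, not part of the original message: a Python check of which inbound ports the posted rules pass to $box3, compared against the data port a server announces in a 227 passive-mode reply. With "set block-policy return", a blocked TCP connection is answered with a reset, which a client reports as "Connection refused". The function names and the sample 227 reply are constructed for illustration.

```python
import re

# Inbound rules copied from the pf.conf in the message (wrapped lines joined).
# pf uses the last matching rule, so a later "pass in" overrides "block in".
RULES = """\
block in
pass in on $ext_if inet proto tcp from any to any port { 22 } keep state
pass in on $ext_if inet proto tcp from any to $box2 port { 25, 53, 80, 110 } keep state
pass in on $ext_if inet proto udp from any to $box2 port 53 keep state
pass in on $ext_if inet proto tcp from any to $box3 port { 20, 21, 113 } keep state
"""

RULE_RE = re.compile(
    r"^pass in .*proto (\w+) from any to (\S+) port (?:\{([^}]*)\}|(\d+))")
PASV_RE = re.compile(r"^227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def passed_ports(rules, proto, dest):
    """Ports that 'pass in' rules open for proto to dest (or to 'any')."""
    ports = set()
    for line in rules.splitlines():
        m = RULE_RE.match(line.strip())
        if m and m.group(1) == proto and m.group(2) in (dest, "any"):
            spec = m.group(3) if m.group(3) is not None else m.group(4)
            ports.update(int(p) for p in re.split(r"[,\s]+", spec.strip()) if p)
    return ports

def pasv_port(reply):
    """Data port announced in a 227 reply: p1 * 256 + p2 (RFC 959)."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("octet out of range in %r" % reply)
    return nums[4] * 256 + nums[5]

def data_connection_verdict(reply, rules=RULES, dest="$box3"):
    """Return (port, 'pass' or 'block') for the announced data port."""
    port = pasv_port(reply)
    verdict = "pass" if port in passed_ports(rules, "tcp", dest) else "block"
    return port, verdict

if __name__ == "__main__":
    # Constructed reply; the address is the first one listed in $box3.
    print(data_connection_verdict("227 Entering Passive Mode (80,203,2,4,195,80)"))
```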
