Problem with ftp-proxy

Gilberto Villani Brito linux at giboia.org
Tue May 9 13:33:56 UTC 2006 

Why don't you use only this in your pf.conf??

# rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

# pass in on $ext_if inet proto tcp from port 20 to ($ext_if) user proxy flags S/SA keep state

I belive your problem is for your users using public ftp. Is it correct??

PS: Esse FAQ esta em português http://www.openbsd.org/faq/pf/pt/ftp.html#client

Gilberto


On Mon, 8 May 2006 13:15:12 -0700 (PDT)
Matheus Lamberti <matheuslamberti at yahoo.com> wrote:

> Hello list,
> 
>  Whell, i have implemented a firewall with the default
> police "block all", i made very restritive rules
> allowing only some connecting ports from the machines
> of my LAN.
>  My problem is, the ftp-proxy is working...
>  * inetd call then with my flags
>  * the ftp transaction starts
>  * but i can recieve back the answer from the remote
> server
> 
>  Bellow is a part of my pf.conf file ...
> 
> -- start --
> # ftp-proxy
> nat-anchor "ftp-proxy/*"
> rdr-anchor "ftp-proxy/*"
> rdr pass on $if_intr proto tcp to port ftp ->
> 127.0.0.1 port 8021
> 
> # rules
> anchor "ftp-proxy/*"
> pass out on $if_adsl proto udp from $if_adsl to any
> port $udp_sai keep state
> pass out on $if_adsl proto tcp from $if_adsl to any
> port $tcp_sai flags $flagtcp modulate state
> pass out on $if_adsl proto tcp from $if_adsl to any
> port $tcp_ent flags $flagtcp modulate state
> pass in  on $if_adsl from any to $srv_vip modulate
> state
> pass in  on $if_adsl from any to $if_adsl keep state
> pass out on $if_intr from any to $intrant modulate
> state
> pass in  on $if_intr proto udp from $intrant to any
> port $udp_sai keep state
> pass in  on $if_intr proto tcp from $intrant to any
> port $tcp_sai flags $flagtcp keep state
> pass in  on $if_intr proto tcp from $intrant to any
> port $tcp_ent flags $flagtcp keep state
> pass in  on $if_intr proto { tcp, udp } from $intrant
> to $srv_bsd port $dhcp_pt keep state
> pass in  on $if_intr proto { tcp, udp } from $ip_voip
> to any keep state
> -- end --
> 
> 
> 
> Matheus Lamberti de Abreu
> BSD UserID: 051370 / ICQ UIN: 58854189
> 
> " Diante da vastidão do tempo...
> E da  imensidão do universo,
> É um  imenso prazer pra mim,
> Dividir um planeta e  uma época com você! " ( Carl Sagan )
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
>

More information about the freebsd-pf mailing list