PF - ftp passive mode.

Huzeyfe Onal huzeyfe.onal at gmail.com
Fri May 12 13:06:59 UTC 2006


Hi,

You need the following rules:
pass in on em0 proto tcp from any to 192.168.0.2 port 21 keep state
pass in on em0 proto tcp from any to 192.168.0.2 port 49152:65535 keep state

and
your FTP server's passive ports interval must be 49152:65535?

On 5/12/06, Gilberto Villani Brito <linux at giboia.org> wrote:
> Hello,
> I have an FTP server in a DMZ and it is not accepting passive connections.
> I tried ipfw + natd and it works.
> I am using these rules:
> # rdr on em0 proto tcp from any to 200.250.23.1 port 21 -> 192.168.0.2 port 21
> # rdr on em0 proto tcp from any to 200.250.23.1 port 49152:65535 -> 192.168.0.2 port 49152:65535
>
> # pass in on em1 from 192.168.0.0/24 to any keep state
> # pass out on em1 from any to 192.168.0.0/24 keep state
>
> http://www.openbsd.org/faq/pf/ftp.html#natserver
>
> What is the problem??? Doesn't PF do NAT for passive FTP??
>
> Gilberto
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
>


-- 
Huzeyfe ÖNAL
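
Passive FTP through pf only works when the daemon's passive range, the rdr range and the pass rule all cover the same ports, and pf's `:` range includes both endpoints while `><` excludes them. The check below is an added example, not part of either message; the helper names are hypothetical and the rule strings are constructed samples.

```python
import re

def pf_port_set(spec):
    """Ports matched by a pf port expression (operators per pf.conf(5))."""
    spec = spec.strip()
    m = re.fullmatch(r"(\d+)\s*(:|><|<>)\s*(\d+)", spec)
    if m:
        lo, op, hi = int(m.group(1)), m.group(2), int(m.group(3))
        if op == ":":    # range including boundaries
            return set(range(lo, hi + 1))
        if op == "><":   # range excluding boundaries
            return set(range(lo + 1, hi))
        return set(range(1, lo)) | set(range(hi + 1, 65536))  # <> except range
    if spec.isdigit():
        return {int(spec)}
    raise ValueError(f"unsupported port expression: {spec!r}")

def uncovered(needed, allowed):
    """Runs (first, last) of ports in `needed` that no expression in `allowed` matches."""
    admitted = set().union(*(pf_port_set(a) for a in allowed))
    runs = []
    for p in sorted(pf_port_set(needed) - admitted):
        if runs and p == runs[-1][1] + 1:
            runs[-1][1] = p          # extend the current run
        else:
            runs.append([p, p])      # start a new run
    return [tuple(r) for r in runs]

# Constructed sample values, not taken from a real configuration.
RDR_RANGE = "49152:65535"                  # ports the rdr rule forwards
PASS_EXCLUSIVE = ["21", "49152 >< 65535"]  # pass rules using the exclusive operator
PASS_INCLUSIVE = ["21", "49152:65535"]     # pass rules using the inclusive operator
DAEMON_RANGE = "40000:65535"               # passive range set in the FTP daemon

if __name__ == "__main__":
    # Ports that are redirected but then dropped by the filter rules.
    print("rdr vs exclusive pass:", uncovered(RDR_RANGE, PASS_EXCLUSIVE))
    print("rdr vs inclusive pass:", uncovered(RDR_RANGE, PASS_INCLUSIVE))
    # Ports the daemon may announce in PASV replies that are never redirected.
    print("daemon vs rdr:", uncovered(DAEMON_RANGE, [RDR_RANGE]))
```

Any non-empty result is a set of ports where a passive data connection would fail even though the control connection on port 21 succeeds.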