ftp-proxy or pftpx problem with FreeBSD 6.1

Larkine larkine at gmail.com
Thu Nov 2 23:10:31 UTC 2006


Hello  :)

I have a laptop with the operating system FreeBSD 6.1 and an ADSL modem
to connect to the Internet. I would like to set up a personal firewall
on my computer and I chose OpenBSD pf. The only network interface is ndis0.

The filtering method is quite simple: everything is blocked and only
what I need is authorized. However, I have a problem with the FTP protocol.

I tried ftp-proxy and pftpx without success  :(

### First method with ftp-proxy.

# rc.conf

I added these lines:

inetd_enable="YES"
inetd_flags="-wW -c 60 -a 127.0.0.1"

# inetd.conf

I have this line:

ftp-proxy  stream  tcp  nowait  root  /usr/libexec/ftp-proxy ftp-proxy

After a reboot and with the sockstat -4 command I have:

root  inetd  583  5  tcp4  127.0.0.1:8021

# pf.conf

nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $int_inf proto tcp from any to any port 21 -> 127.0.0.1 port 8021

anchor "ftp-proxy/*"
pass out proto tcp from $int_inf to any port 21 keep state

Well, after I used the ftp command the connection works fine, but with the ls
command I have this:

ftp>ls
229 Entering Extended Passive Mode (|||9576|)
200 EPRT command successful Consider using EPSV.

and after 40 seconds I have this:
150 Here comes the directory listing.
ftp: poll timeout waiting before accept: Operation not permitted
426 Failure writing network stream.
225 No transfer to ABOR.
ftp>

I don't know what happened, but I think the rdr doesn't work. But why? I don't know.


### Second method with pftpx

# rc.conf

I added this line:

pftpx_enable="YES"

After a reboot and with the sockstat -4 command I have:

proxy    pftpx  495  3  tcp4   127.0.0.1:8021  *:*

# pf.conf

nat-anchor "pftpx/*"
rdr-anchor "pftpx/*"
rdr pass on $int_inf proto tcp from any to any port 21 -> 127.0.0.1 port 8021

anchor "pftpx/*"
pass out proto tcp from $int_inf to any port 21 keep state

Well, after I used the ftp command the connection works fine, but I have the
same problem.
Just a question: why doesn't the rdr work at all on my computer? What
happened?

Thank you so much  :)

