LAN FTP problem with sample PF ruleset
Gareth Bailey
gjbailey at gmail.com
Tue Jul 5 12:09:52 GMT 2005
Hi all,
My LAN doesn't have FTP access using the sample PF ruleset from the openbsd
site.
My rules are as follows, any help as to where I'm going wrong would be
great, thanks!
RULESET:
# macros
int_if = "xl0"
ext_if = "rl0"
# tcp_services = "{ 22, 113 }"
icmp_types = "echoreq"
priv_nets = "{ 127.0.0.0/8, 0.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"
# options
set block-policy return
set loginterface $ext_if
# scrub
scrub in all
# nat/rdr
nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
# filter rules
block all
pass quick on lo0 all
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets
# pass in on $ext_if proto tcp from any to $comp3 port 80 flags S/SA synproxy state
pass in on $ext_if inet proto tcp from port 20 to ($ext_if) user proxy flags S/SA keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state