ftp-proxy@pf not working on recent current and/or RELENG_5

Divacky Roman xdivac02 at stud.fit.vutbr.cz
Mon Sep 6 06:28:19 PDT 2004


Hi,

with this pf.conf and PROPERLY set up inetd I am not able to use ftp-proxy...
it simply doesnt work and I am pretty sure it worked before. I see this on
RELENG_5 and on -CURRENT too... If I am doing anything wrong pls tell me

pf.conf:

ext_if="vr0"
int_if="xl0"

#normalize packets
scrub in all

altq on $ext_if bandwidth 256Kb cbq queue {ssh_i web other} 
queue ssh_i bandwidth 25% cbq(borrow ecn)
queue web bandwidth 25% cbq(borrow ecn)
queue other bandwidth 50% cbq(borrow default ecn)

#ftp redirection
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
#nat
nat on $ext_if from $int_if:network to any -> ($ext_if)

#rules
#default to block all
block in on $ext_if all
#pass all out while keeping state. and queue it
pass out on $ext_if from any to any keep state queue other
#queuing
pass on $ext_if proto tcp from any to any port ssh keep state queue(ssh_i, other)
pass out on $ext_if proto tcp from any to any port http keep state queue web
#ftp proxy
pass in on $ext_if inet proto tcp from any to $ext_if user proxy keep state queue other
#allow icmp
pass in on $ext_if inet proto icmp from any to any



More information about the freebsd-current mailing list