pf and ftp client

dave dmehler26 at woh.rr.com
Sun Dec 19 09:51:11 PST 2004


Hello,
    I've got a 5.3 box running pf. I want to use it as an FTP client; it's
already going through a NAT firewall. My problem is that when I try to download a
port via make install and any ftp URL is referenced, the site cannot be
contacted. I'm not sure which mode this is using, active or passive. This
machine has only one NIC in it. I have included my relevant FTP pf rules
below.
Any help appreciated.
Thanks.

pf.conf:

# macros (not in the original post; placeholder values, substitute the
# box's real NIC and address so the rules below can be loaded)
ext_if = "xl0"
ext_addr = "192.0.2.10"

# options
set loginterface none
set optimization normal
set block-policy drop

# normalise inbound traffic; randomise IP IDs and clamp the MSS on the way out
scrub in on $ext_if all
scrub out all random-id max-mss 1440

# nat ftp-proxy: hand port-21 connections to ftp-proxy listening on port 8021
rdr on $ext_if proto tcp from any to any port 21 -> $ext_addr port 8021

# activate spoofing protection for the external (and only) interface
antispoof quick for $ext_if inet

# allow active ftp: data connections coming back from server port 20 to the
# ftp-proxy user; passive is handled by the ftp-proxy and the nat rdr rule
pass in on $ext_if inet proto tcp from port 20 to ($ext_if) user proxy flags S/SA keep state

# allow out ftp
pass out quick on $ext_if proto tcp from any to any port = 21 flags S/SA modulate state
