[pf4freebsd] Re: Using authpf
Pyun YongHyeon
yongari at kt-is.co.kr
Wed Sep 15 20:54:58 PDT 2004
On Fri, Oct 24, 2003 at 05:32:02PM +0200, novocaine at free.fr wrote:
> First, I'd like to thank all the contributors of the port of pf to FreeBSD.
>
> I am trying to use authpf on -CURRENT, without success so far. I'd like to
> enable ftp access for user "os" using authpf.
>
> In /usr/local/etc/pf.conf, I have :
> ...
> set block-policy return
> set loginterface $ext_if
> scrub in all
>
> nat-anchor authpf
> rdr-anchor authpf
> binat-anchor authpf
>
> <rules>
>
> anchor authpf in on $ext_if
>
> I have an empty file /usr/local/etc/authpf/authpf.conf and
> /usr/local/etc/authpf/users/os/authpf.rules reads
> $ext_if="tun0"
> pass in quick on $ext_if proto tcp from $user_ip to any port http
>
> I also try to set /usr/local/sbin/authpf as os' shell (as described on
> authpf(8)) but it doesn't seem to work. I had to add authpf to /etc/shells.
>
> Am I doing something wrong?
>
You should add /usr/local/sbin/authpf to the shell database (/etc/shells)
in order to authenticate via ssh.
You may also want to see the logs from authpf. Add the following lines
to your syslog.conf, touch the log file, and restart syslogd.
!authpf
*.* /var/log/authpf
BTW, I authenticated successfully but got the following errors from
authpf (running on -CURRENT):
Oct 25 15:33:39 db authpf[693]: DIOCCOMMITRULES Invalid argument
Oct 25 15:33:39 db authpf[693]: removed 192.168.10.6, user pfuser - duration 1067063619 seconds
Oct 25 15:33:39 db authpf[693]: cannot unlink /var/authpf/192.168.10.6 (Permission denied)
This needs more investigation. I'll check.
Thank you for your report!
> Thanks,
>
> - Olivier
>
--
Pyun YongHyeon <http://www.kr.freebsd.org/~yongari>
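As an added example that is not part of the thread (neither poster's code), the following POSIX sh script checks the authpf prerequisites that came up above: the authpf binary listed in /etc/shells, the four authpf anchors in pf.conf, a non-empty per-user rules file, and the `!authpf` program block in syslog.conf. The file paths are parameters so the check can run against constructed sample files; the real locations on the poster's system would be /etc/shells, /usr/local/etc/pf.conf, /usr/local/etc/authpf/users/os/authpf.rules and /etc/syslog.conf. The sample configuration it builds is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread: a pre-flight check for the authpf prerequisites
# the discussion touches on. File paths are parameters so the check can run against
# constructed sample files instead of the live system configuration.

AUTHPF_SHELL=/usr/local/sbin/authpf

# check_authpf_setup SHELLS PF_CONF RULES_FILE SYSLOG_CONF
# Prints one line per problem found and returns the number of problems (0 = all present).
check_authpf_setup() {
    shells="$1"; pfconf="$2"; rules="$3"; syslogconf="$4"
    problems=0

    # authpf(8) is the user's login shell; sshd only accepts shells listed in /etc/shells
    if ! grep -qx "$AUTHPF_SHELL" "$shells"; then
        echo "missing: $AUTHPF_SHELL is not listed in $shells"
        problems=$((problems + 1))
    fi

    # pf.conf must carry the anchors that authpf loads the per-user rules into
    for anchor in 'nat-anchor authpf' 'rdr-anchor authpf' 'binat-anchor authpf' 'anchor authpf'; do
        if ! grep -q "^[[:space:]]*$anchor" "$pfconf"; then
            echo "missing: '$anchor' in $pfconf"
            problems=$((problems + 1))
        fi
    done

    # the per-user rules file must exist and must not be empty
    if [ ! -s "$rules" ]; then
        echo "missing: per-user rules file $rules is absent or empty"
        problems=$((problems + 1))
    fi

    # the '!authpf' program block from the reply, so authpf messages get logged
    if ! grep -q '^!authpf' "$syslogconf"; then
        echo "missing: '!authpf' program block in $syslogconf"
        problems=$((problems + 1))
    fi

    return "$problems"
}

# write_sample_config DIR yes|no
# Writes constructed sample files into DIR; "no" leaves authpf out of the shells file,
# mirroring the poster's setup before the /etc/shells entry was added.
write_sample_config() {
    dir="$1"
    printf '/bin/sh\n/bin/csh\n' > "$dir/shells"
    if [ "$2" = yes ]; then
        echo "$AUTHPF_SHELL" >> "$dir/shells"
    fi
    cat > "$dir/pf.conf" <<'EOF'
ext_if="tun0"
set block-policy return
scrub in all
nat-anchor authpf
rdr-anchor authpf
binat-anchor authpf
anchor authpf in on $ext_if
EOF
    printf 'pass in quick on $ext_if proto tcp from $user_ip to any port http\n' > "$dir/authpf.rules"
    printf '!authpf\n*.*\t/var/log/authpf\n' > "$dir/syslog.conf"
}

# run_sample_check yes|no
# Builds a sample configuration, runs the check on it and returns the problem count.
run_sample_check() {
    dir=$(mktemp -d) || return 99
    write_sample_config "$dir" "$1"
    rc=0
    check_authpf_setup "$dir/shells" "$dir/pf.conf" "$dir/authpf.rules" "$dir/syslog.conf" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

# Stand-alone usage: the complete setup reports nothing, the incomplete one names the gap.
echo "complete setup:"; run_sample_check yes || echo "problems: $?"
echo "without /etc/shells entry:"; run_sample_check no || echo "problems: $?"
```

The anchor patterns are matched at the start of a line so that commented-out anchors are not counted, and the per-user rules file is tested with `-s` because an empty file loads no rules at all.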