pf rdr ftp-proxy problem

Shane James shane at phpboy.co.za
Wed Aug 17 20:17:08 GMT 2005


Hey all... it doesn't seem like my ftp-proxy rdr is working properly. I've activated ftp-proxy in inetd and I think it's working, because I can connect to an ftp server, but I can't list files.

I'm not sure where I've gone wrong...

Here's my pf.conf

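#pf.conf
# Ruleset order is macros, tables, options, normalization, translation
# (nat/binat/rdr), then filtering -- the order "set require-order yes" expects.

# Macros
ext_if="rl1"    # ADSL Interface
virtek_if="rl0" # Virtek/Sdata/Maverix Interface
customers_if="rl2" # Customers Interface

int_net="192.168.0.0/16"        # Internal Networks
virtek_net="192.168.16.0/24"    # Virtek Network

# Customer networks: all of 192.168.0.0/16 except the Virtek /24.
# Rules below must reference this table by exactly this name (<customer_net>).
table <customer_net> { 192.168.0.0/16, !192.168.16.0/24 }

# Options
set timeout { interval 10, frag 30 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }
set timeout { adaptive.start 0, adaptive.end 0 }
set limit { states 10000, frags 5000 }
set loginterface none
set optimization normal
set block-policy drop
set require-order yes
set fingerprints "/etc/pf.os"

# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
scrub in all

# NAT Rule for all internal networks ($int_net is the same 192.168.0.0/16 range)
nat on $ext_if from $int_net to any -> ($ext_if)

# BINAT Rule for SDATA Windows Server
# $ext_if is rl1, so use the macro rather than the hard-coded interface name.
# NOTE: with the "pass in all" filter rule at the end of this file, every inbound
# connection to 196.26.21.124 is mapped to 192.168.16.3 without any filtering.
binat on $ext_if from 192.168.16.3 to any -> 196.26.21.124

# Redirect all SMTP Traffic Through Local SMTP Server
# (rl0 and rl2 are $virtek_if and $customers_if; use the macros for consistency)
rdr on { $virtek_if, $customers_if } proto tcp from any to any port 25 -> 127.0.0.1 port 25

# Redirect all ftp traffic through local ftp-proxy service
# ftp-proxy must be listening on 192.168.16.1:8021 (the inetd entry) for this
# rdr to take effect. Whether additional rules are needed for the FTP data
# connection depends on the ftp-proxy release in use -- check ftp-proxy(8).
rdr on $virtek_if proto tcp from $virtek_net to any port 21 -> 192.168.16.1 port 8021

# HTTP Transparent Proxy Redirect (Squid)
# Virtek/SDATA/Maverix HTTP Redirect
#rdr on $virtek_if proto tcp from $virtek_net to any port 80 -> 127.0.0.1 port 8080

#Customers HTTP Redirect
# Fixed: this rule referenced <customers_net>, but the table defined above is
# <customer_net>; an undefined table reference prevents the ruleset from loading.
rdr on $customers_if proto tcp from <customer_net> to any port 80 -> 127.0.0.1 port 8080

# Filtering: these are the implicit default rules when no filter rules exist.
# Stated explicitly here, they allow ALL traffic in both directions on every
# interface (including inbound on $ext_if) -- no filtering is applied, and
# "set block-policy drop" above never takes effect.
pass in all
pass out all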

