PF and ftp-proxy
Axel S. Gruner
liste at encephalon.de
Mon Jun 20 16:38:58 GMT 2005
Hi,
On 19.06.2005 at 18:54, Andy Hilker wrote:
> /etc/inetd.conf
> -----------------
> ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -u proxy -m 55000 -M 57000 -t 180
>
>
> /etc/rc.conf
> --------------
> inetd_enable="YES"
>
>
> pf.conf, parts of ftp section
> ------------------------------
> # default deny
> block all
>
> # local loopback traffic
> pass quick on lo0 all
>
> # redirect ftp to local proxy
> rdr on $intern_if proto tcp from $intern_net to any port 21 -> 127.0.0.1 port 8021
>
>
> # ftp for all
> pass log quick proto tcp from <protected_lans> to 127.0.0.1 port 8021 keep state
> block in log quick proto tcp from !<protected_lans> to 127.0.0.1 port 8021
> pass out log quick proto tcp from <host_firewall> to <protected_lans> port > 1023 keep state
>
> # Allow remote FTP servers (on data port 20) to respond to the proxy's
> # active ftp
> # to internet
> pass in log quick on $extern_if proto tcp from any port 20 to $extern_if port 55000 >< 57000 flags S/SA keep state
> pass out log quick on $extern_if proto tcp from $extern_if to any port {20,21} flags S/AUPRFS modulate state
> pass out log quick on $extern_if proto tcp from $extern_if port 55000 >< 57000 to any flags S/SAFR keep state
>
Thanks for your quick reply.
I tried your configuration, and, know what? It works perfectly for me.
Thanks a lot.
asg
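
An added example, not part of the original post or of pf/ftp-proxy: a small Python check of whether a pf rule's destination port match covers the data-port range handed to ftp-proxy with -m/-M. pf's `><` range operator excludes both endpoints while `:` includes them; the script assumes the proxy may bind the -m and -M values themselves, and all function names are hypothetical.

```python
import operator
import re

# Constructed from the configuration quoted in this thread (wrapped lines joined).
INETD_LINE = ("ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy "
              "ftp-proxy -u proxy -m 55000 -M 57000 -t 180")
PF_RULE = ("pass in log quick on $extern_if proto tcp from any port 20 to "
           "$extern_if port 55000 >< 57000 flags S/SA keep state")

ALL_PORTS = set(range(1, 65536))
UNARY = {"=": operator.eq, "!=": operator.ne, "<": operator.lt,
         "<=": operator.le, ">": operator.gt, ">=": operator.ge}


def proxy_port_range(inetd_line):
    """Return (min, max) from ftp-proxy's -m/-M flags.
    Assumption: both bounds are ports the proxy may actually bind."""
    lo = int(re.search(r"\s-m\s+(\d+)", inetd_line).group(1))
    hi = int(re.search(r"\s-M\s+(\d+)", inetd_line).group(1))
    return lo, hi


def pf_dest_ports(rule):
    """Expand the destination 'port' expression of one pf rule into a set."""
    dest = rule.split(" to ", 1)[1]
    m = re.search(r"\bport\s+(\d+)\s*(><|<>|:)\s*(\d+)", dest)
    if m:
        a, op, b = int(m.group(1)), m.group(2), int(m.group(3))
        if op == ":":                       # inclusive range a..b
            return set(range(a, b + 1))
        if op == "><":                      # exclusive range: a < port < b
            return set(range(a + 1, b))
        return ALL_PORTS - set(range(a, b + 1))   # "<>": everything outside a..b
    m = re.search(r"\bport\s+(!=|<=|>=|=|<|>)?\s*(\d+)", dest)
    if not m:
        return set(ALL_PORTS)               # no port restriction in the rule
    test, n = UNARY[m.group(1) or "="], int(m.group(2))
    return {p for p in ALL_PORTS if test(p, n)}


def uncovered_ports(inetd_line, rule):
    """Proxy data ports that the pf rule's destination port match misses."""
    lo, hi = proxy_port_range(inetd_line)
    return sorted(set(range(lo, hi + 1)) - pf_dest_ports(rule))


if __name__ == "__main__":
    print("as quoted (><):", uncovered_ports(INETD_LINE, PF_RULE))
    fixed = PF_RULE.replace("55000 >< 57000", "55000:57000")
    print("inclusive (:): ", uncovered_ports(INETD_LINE, fixed))
```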
More information about the freebsd-pf mailing list