ftp-proxy question

Fai fai at g2019.net
Wed May 18 08:54:46 PDT 2005


My setup follows this site (mine is FreeBSD 5.3 + pf)
http://www.aei.ca/~pmatulis/pub/obsd_ftp.html

It seems that some option of the ftp-proxy is wrong
> ftp-proxy       stream  tcp     nowait  root    /usr/libexec/ftp-proxy ftp-proxy -V -D 3

should be
ftp-proxy       stream  tcp     nowait  root    /usr/libexec/ftp-proxy ftp-proxy -u proxy -m lowport -M highport -t timeout
e.g.
ftp-proxy       stream  tcp     nowait  root    /usr/libexec/ftp-proxy ftp-proxy -u proxy -m 20000 -M 22000 -t 180

and a fw rule
pass in on $if_ext inet proto tcp from any port = ftp-data to 202.134.126.226 port 20000 >< 22000 user = 62 flags S/SA keep state


Hope the information helps.

cheers,
Fai

On 18 May 2005, at 11:01 PM, Matthew Grooms wrote:

> I am having problems passing passive ftp traffic via ftp-proxy.
> Active connections work fine. I tried using the -n flag; the control
> connection doesn't translate the server address so the client
> attempts to make the control channel connection itself.
> Unfortunately I can't open up blanket access outbound for whatever
> random port the ftp server chooses. Does ftp-proxy only handle
> active connections???
>
> Here are the rules from pf.conf ...
>
> rdr on $if_int proto tcp from any to any port 21 -> lo0 port 8021
> pass in quick log on $if_int proto tcp from any to lo0 port 8021 keep state
> pass in quick log on $if_ext proto tcp from any to $if_ext port > 49152 keep state
>
> And here is my entry in inetd.conf ....
>
> ftp-proxy       stream  tcp     nowait  root    /usr/libexec/ftp-proxy ftp-proxy -V -D 3
>
> BTW: I haven't seen a single entry in /var/log/messages even with
> the -D and -V options specified. Did I not specify this correctly
> or is ftp-proxy just broken in this regard?
>
> Thanks in advance,
> -Matthew
>
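
Added example (not part of the original messages, and not code from the ftp-proxy or pf projects): a small Python check that the destination port range of a pf pass rule covers the data-port range given to ftp-proxy with -m/-M. It assumes the -m/-M bounds are inclusive and that the proxy falls back to 49152-65535 when neither flag is given; the sample lines are constructed from the ones quoted in this thread.

```python
import re

# Constructed sample input, modelled on the lines quoted in this thread.
INETD_FIXED = ("ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy "
               "ftp-proxy -u proxy -m 20000 -M 22000 -t 180")
PF_FIXED = ("pass in on $if_ext inet proto tcp from any port = ftp-data to "
            "202.134.126.226 port 20000 >< 22000 user = 62 flags S/SA keep state")
INETD_ORIG = ("ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy "
              "ftp-proxy -V -D 3")
PF_ORIG = ("pass in quick log on $if_ext proto tcp from any to $if_ext "
           "port > 49152 keep state")

# Assumption: without -m/-M the proxy uses 49152..65535, bounds inclusive.
DEFAULT_RANGE = (49152, 65535)

def proxy_range(inetd_line):
    """Inclusive (low, high) data-port range from ftp-proxy's -m/-M flags."""
    args = inetd_line.split()
    low, high = DEFAULT_RANGE
    for flag, value in zip(args, args[1:]):
        if flag == "-m":
            low = int(value)
        elif flag == "-M":
            high = int(value)
    return low, high

def pf_dest_ports(rule):
    """Inclusive (low, high) destination ports matched by one pf rule."""
    dest = rule.split(" to ", 1)[1]
    m = re.search(r"\bport\s+(\d+)\s*(><|:)\s*(\d+)", dest)
    if m:
        a, op, b = int(m.group(1)), m.group(2), int(m.group(3))
        # pf.conf(5): "a >< b" excludes both ends, "a:b" includes them.
        return (a + 1, b - 1) if op == "><" else (a, b)
    m = re.search(r"\bport\s*(>=|>|=)\s*(\d+)", dest)
    if not m:
        raise ValueError("no destination port expression in rule")
    op, n = m.group(1), int(m.group(2))
    return {">": (n + 1, 65535), ">=": (n, 65535), "=": (n, n)}[op]

def uncovered_ports(inetd_line, rule):
    """Proxy data ports that the pass rule would not let through."""
    low, high = proxy_range(inetd_line)
    rule_low, rule_high = pf_dest_ports(rule)
    return [p for p in range(low, high + 1) if not rule_low <= p <= rule_high]

if __name__ == "__main__":
    print("suggested config:", uncovered_ports(INETD_FIXED, PF_FIXED))
    print("original config: ", uncovered_ports(INETD_ORIG, PF_ORIG))
```

An empty list means every port the proxy may bind is matched by the rule; writing the range as 20000:22000 in the rule makes both ends inclusive.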



More information about the freebsd-pf mailing list