enable passive/active ftp
Max Laier
max at love2party.net
Fri Jul 28 23:07:51 UTC 2006
On Friday 28 July 2006 19:49, eculp at bafirst.com wrote:
> Quoting elmer <elmer.rivera at gmail.com>:
> > Hi all,
> >
> > I am using pf on freebsd6.1. how do I enable ftp passive and active.
> > Im following the pfmanual but my users cant establish a connection.
> > Is there a debugging for the ftp-proxy?
>
> IIRC you need to open the following ports for pasive ftp but I could be
> wrong. I seldom allow ftp.
>
> # pass in on $ext_if inet proto tcp from any to ($ext_if) port
> 49152:65534 flags S/SA keep state
>
> I also redirect ftp to a non-priviledged port something like:
>
> # rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 10021
>
> You will need to configure your ftp daemon also and then season to
> taste and it should work. Someone please correct me, if I've missed
> something.
I suggest looking at ftp/pftpx from ports. It is much better than the
ftp-proxy we have in base and (iff I finally get round to finishing a new
import from OpenBSD) will eventually replace the version in base.
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20060728/23c8cdfd/attachment.pgp
More information about the freebsd-pf
mailing list