Pftpx for incoming ftp connections FTP Server INSIDE the firewall

manjoine chris at disentropy.com
Fri Mar 24 15:43:13 UTC 2006


I am trying to use pftpx to solve the "strict" FTP clients (clients that
want data connections to the same IP as the control connection) issue on an
FTP server INSIDE the firewall.

I found out that I can't use port redirects on all my external IPs since the
FTP clients have IP strictness.

It is the classic passive FTP problem. I have a firewall in front of an FTP
server. I have multiple IPs bound to the firewall that need to go to the same
FTP server (thus the IP issue with strictness).

So I want a pf.conf that will allow me to allow all incoming PASSIVE and
ACTIVE FTP connections to any of the IPs to go to the one FTP server.

I assume that I can use pftpx to proxy all incoming connections?

I found only this reference to a possible solution, but I can't seem to get
it to work in my pf.conf:

http://wiki.pfsense.com/wikka.php?wakka=IncomingFTPHowTo

Can anyone give me an example of how that would be done?
Below is a trimmed-down version of my pf.conf with the rules for outbound
pftpx, which is working great, but I need inbound.



int_if=fxp0
ext_if=fxp1

int_net="192.168.0.0/24"
ext_net="{232.333.333.2,232.333.333.3,232.333.333.4}"


#FTP out from int_net

nat-anchor "pftpx/*"
rdr-anchor "pftpx/*"
rdr pass on $int_if proto tcp from $int_net to any port 21 -> 127.0.0.1 port 8021

#In the rule section:

anchor "pftpx/*"
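
Added example, not part of the original post: a small Python check that reproduces the "strict client" test described above, so a 227 reply captured on the outside of the firewall can be compared against the IP the control connection used. The addresses are constructed samples (203.0.113.x stands in for the external IPs, 192.168.0.10 for an assumed server address in int_net), and the function names are hypothetical.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 ... (h1,h2,h3,h4,p1,p2)"; parentheses are optional.
PASV_RE = re.compile(r"^227\b.*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply, or None if malformed."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def strict_client_accepts(control_ip, reply):
    """A strict client only connects if the data IP equals the control IP."""
    parsed = parse_pasv(reply)
    return parsed is not None and parsed[0] == ipaddress.IPv4Address(control_ip)


def audit(control_ip, reply):
    """Describe what a strict client would do with this reply, and why."""
    parsed = parse_pasv(reply)
    if parsed is None:
        return "not a valid 227 reply"
    ip, port = parsed
    if ip == ipaddress.IPv4Address(control_ip):
        return f"ok: data connection to {ip}:{port}"
    if any(ip in net for net in RFC1918):
        why = "internal server address leaked through un-rewritten"
    else:
        why = "rewritten to a different external address"
    return f"rejected: 227 advertises {ip}:{port} ({why}); control is {control_ip}"


if __name__ == "__main__":
    control = "203.0.113.3"  # constructed: external IP the client connected to
    for sample in (  # constructed 227 replies as seen by the client
        "227 Entering Passive Mode (192,168,0,10,195,80)",
        "227 Entering Passive Mode (203,0,113,2,195,80)",
        "227 Entering Passive Mode (203,0,113,3,195,80)",
    ):
        print(audit(control, sample))
```
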



