ftp-proxy or pftpx problem with FreeBSD 6.1
Jeremy C. Reed
reed at reedmedia.net
Thu Nov 2 23:51:37 UTC 2006
> ### First method with ftp-proxy.
>
> # rc.conf
>
> I added these lines:
>
> inetd_enable="YES"
> inetd_flags="-wW -c 60 -a 127.0.0.1"
>
> # inetd.conf
>
> I have this line:
>
> ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy
>
> After a reboot and with the sockstat -4 command I have:
>
> root inetd 583 5 tcp4 127.0.0.1:8021
>
> # pf.conf
>
> nat-anchor "ftp-proxy/*"
> rdr-anchor "ftp-proxy/*"
> rdr pass on $int_inf proto tcp from any to any port 21 -> 127.0.0.1 port 8021
>
> anchor "ftp-proxy/*"
> pass out proto tcp from $int_inf to any port 21 keep state
What version of ftp-proxy are you using?
The ftp-proxy with FreeBSD 6.x doesn't use PF anchors.
> Well, after I used the ftp command the connection works fine, but with the ls command
> I have this:
>
> ftp>ls
> 229 Entering Extended Passive Mode (|||9576|)
> 200 EPRT command successful Consider using EPSV.
>
> and after 40 seconds I have this:
> 150 Here comes the directory listing.
> ftp: poll timeout waiting before accept: Operation not permitted
> 426 Failure writing network stream.
> 225 No transfer to ABOR.
> ftp>
>
> I don't know what happened, but I think the rdr doesn't work, but why? I don't know.
What is your entire pf.conf?
Have a look at your ftp-proxy manual page. You need to also allow the
connections inbound. The man page has two examples of this and mentions
-u and -m and -M ftp-proxy options.
As for your pftpx tests, use pfctl to show the rules for your "pftpx"
anchor. Maybe that will tell you something.
<advertisement>ISBN 0-9790342-0-5</advertisement>
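
An added example, not part of the original message and not ftp-proxy code: a Python parser for the data-channel negotiation lines that appear in the session quoted above (RFC 2428 EPSV/EPRT, RFC 959 PASV/PORT). It reports which side listens, and so which direction of data connection the packet filter has to admit. The EPRT command, the 227 reply and the client address are constructed sample values.

```python
import re

# RFC 2428 forms: "229 ... (|||port|)" reply and "EPRT |proto|addr|port|" command.
EPSV_RE = re.compile(r"^229 .*\((.)\1\1(\d{1,5})\1\)")
EPRT_RE = re.compile(r"^EPRT (.)([12])\1([^ ]+?)\1(\d{1,5})\1$")
# RFC 959 forms: "227 ... (h1,h2,h3,h4,p1,p2)" reply and "PORT h1,...,p2" command.
PASV_RE = re.compile(r"^227 .*?(\d{1,3}(?:,\d{1,3}){5})")
PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})$")


def _split_csv(csv):
    """Turn h1,h2,h3,h4,p1,p2 into (host, port), rejecting octets above 255."""
    nums = [int(x) for x in csv.split(",")]
    if max(nums) > 255:
        raise ValueError("octet out of range: " + csv)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def data_channel(line):
    """Return (mode, listener_host, port), or None for any other line.

    'passive': the server listens and the client connects outbound.
    'active':  the client listens and the server connects inbound to it.
    """
    line = line.strip()
    if m := EPSV_RE.match(line):
        found = ("passive", None, int(m.group(2)))  # host is the control peer
    elif m := EPRT_RE.match(line):
        found = ("active", m.group(3), int(m.group(4)))
    elif m := PASV_RE.match(line):
        found = ("passive",) + _split_csv(m.group(1))
    elif m := PORT_RE.match(line):
        found = ("active",) + _split_csv(m.group(1))
    else:
        return None
    if not 1 <= found[2] <= 65535:
        raise ValueError("port out of range: " + line)
    return found


# Constructed control-channel lines; only the 229 and 200 replies come from the post.
SAMPLE = [
    "229 Entering Extended Passive Mode (|||9576|)",
    "EPRT |1|192.0.2.10|50321|",
    "200 EPRT command successful Consider using EPSV.",
    "227 Entering Passive Mode (192,0,2,1,37,104)",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, "->", data_channel(entry))
```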