Jail, pf and ftpd: Connection refused

Redd Vinylene reddvinylene at gmail.com
Sat Oct 4 10:24:11 UTC 2008


On Fri, Oct 3, 2008 at 11:56 AM, Max Laier <max at love2party.net> wrote:
>
> See ftp-proxy(8).
>
> Note that active works with the ruleset you provided (due to the "pass out
> keep state"-rule), but there is obviously a firewall problem on the client
> preventing that.
>

Are you sure I need ftp-proxy? I opened the data range 49152:65535 and
now I no longer get a connection refused. I seem to be able to list,
download, you know, the usual stuff. I still get the
"getpeername(control_sock): Transport endpoint is not connected"
though.

If I do need ftp-proxy, I take it it's the "FTP Server Protected by an
External PF Firewall Running NAT" at
http://www.openbsd.org/faq/pf/ftp.html that applies to my setup? I
can't quite comprehend the nat/rdr rules in that example, as I ain't
really got an int_if. As I stated earlier, I have a FreeBSD server
running pf and two jails, and I'm trying to get ftpd running smoothly
inside one of those jails.

Thank you so much.

-- 
http://www.home.no/reddvinylene

