ftp-proxy with pf

Ivan Levchenko levchenko.i at gmail.com
Mon Aug 14 19:27:27 UTC 2006 

Hello Gilberto,

No, that wouldn't work, there is no sense in adding a nat rule to the
internal interface.

I just found out why it didn't work. All this time, I was using active
ftp on my ubuntu box. when i switched to passive, it all worked like a
charm. found it on some forum archive .. forgot the link. on linux the
env setting for passive ftp doesn't work.. .i never knew that.. you
have you add -p to the ftp command or start it using pftp..

On 8/14/06, Gilberto Villani Brito <linux at giboia.org> wrote:
> Try using this rule:
> nat on $int_if from any to any port 21 -> 127.0.0.1 port 8021
>
>
> Gilberto
>
>
> 2006/8/13, Ivan Levchenko < levchenko.i at gmail.com>:
> >
> Hi everybody,
>
> having some troubles with ftp-proxy on my gateway at home: the darn
> thing gets me connected to an outside ftp server, but won't let me do
> anything else with it.
>
> the gateway computer is freebsd (it is running pf with nat to share
> and secure a pppoe connection); the client computer is running kubuntu
> 6.06.
>
> here is what i get when trying to connect to a ftp server behind the nat:
>
> $ ftp ftp.freebsd.org
> Connected to ftp.freebsd.org .
> 220 ftp.FreeBSD.org NcFTPd Server (licensed copy) ready.
> Name (ftp.freebsd.org:ivan): ftp
> 331 Guest login ok, send your complete e-mail address as password.
> Password:
> 230-You are user #112 of 1000 simultaneous users allowed.
> 230-
> 230 Logged in anonymously.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> ls
> 550 Data connection must go to same host as control connection.
> ftp: bind: Address already in use
> ftp>
>
> or i get this error when connecting to a different ftp server (vsftpd):
> 500 Illegal PORT command.
> ftp: bind: Address already in use.
>
> i read the ftp-proxy and pf.conf man pages and have google-ed more
> than my brain can comprehend but still no answer for this.
>
> i attached the conf files for pf.conf and inetd.conf
>
> any help (the right keyword to google with will be nice too!!!) will be
> great!
>
> --
> Best Regards,
>
> Ivan Levchenko
> levchenko.i at gmail.com
>
>
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "
> freebsd-pf-unsubscribe at freebsd.org"
>
>
>
>
>


-- 
Best Regards,

Ivan Levchenko
levchenko.i at gmail.com

More information about the freebsd-questions mailing list