Outgoing FTP connections with pf and ftp-proxy

Matthias Kellermann matthias at adminlife.net
Sun Jan 27 10:48:39 PST 2008


Hi list,

I'm trying to get outgoing FTP sessions to work with pf and
ftp/ftp-proxy in a NAT environment.

My simple config on a test machine looks like this:
------------------------------------------------------------------
int_if = "rl0"
localnet = "192.168.0.0/24"
tcp_services = "{ ssh, domain, www, https, ftp }"
udp_services = "{ domain }"

nat on $int_if from $localnet to any -> ($int_if)

rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021

block all

pass from $localnet to any keep state
pass proto udp to any port $udp_services keep state

pass out proto tcp to any port $tcp_services keep state

pass in proto tcp from any to any user proxy keep state
pass in proto tcp from any to any port ssh keep state
------------------------------------------------------------------

FTP login works fine. But if I want to do a "ls" on the FTP server I get
the following error on the client (no matter if NAT client or gateway):

425 Failed to establish connection.

Any idea what's wrong with my setup?

Thanks,
Matthias



More information about the freebsd-questions mailing list