Outgoing FTP connections with pf and ftp-proxy
NetOpsCenter
noc at hdk5.net
Sun Jan 27 13:31:24 PST 2008
Matthias Kellermann wrote:
> Hi list,
>
> I'm trying to get outgoing FTP sessions to work with pf and
> ftp/ftp-proxy in a NAT environment.
>
> My simple config on a test machine looks like this:
> ------------------------------------------------------------------
> int_if = "rl0"
> localnet = "192.168.0.0/24"
> tcp_services = "{ ssh, domain, www, https, ftp }"
> udp_services = "{ domain }"
>
> nat on $int_if from $localnet to any -> ($int_if)
>
> rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
>
> block all
>
> pass from $localnet to any keep state
> pass proto udp to any port $udp_services keep state
>
> pass out proto tcp to any port $tcp_services keep state
>
> pass in proto tcp from any to any user proxy keep state
> pass in proto tcp from any to any port ssh keep state
> ------------------------------------------------------------------
>
> FTP login works fine. But if I want to do a "ls" on the FTP server I get
> the following error on the client (no matter if NAT client or gateway):
>
> 425 Failed to establish connection.
>
> Any idea what's wrong with my setup?
>
> Thanks,
> Matthias
>
>
>
Aloha Matthias,
I am having the same ftp problem on servers that are on an ATM 5 IP
circuit. There is no NAT involved with one of these. The outbound FTP
goes out but I can't get the files to list when I go inbound from
outside on a recognized IP.
SSH on the same box works fine.
It would make my day to get this working.
~Al Plant - Honolulu, Hawaii - Phone: 808-284-2740
+ http://hawaiidakine.com + http://freebsdinfo.org + noc at hdk5.net +
+ http://aloha50.net - Supporting - FreeBSD 6.* - 7.* +
"All that's really worth doing is what we do for others."- Lewis Carrol