Problem with Passive FTP through PF
    Michael K. Smith - Adhost 
    mksmith at adhost.com
       
    Mon Oct  6 15:37:35 UTC 2008
    
    
  
Hello All:

We are running the following:

- FreeBSD 6.3 Release #1
- PF
- pftpx for our ftp proxy

We have several ftp servers of different flavors behind the PF firewalls and we are getting a lot of the following when users are trying to connect using passive mode.

"Server sent passive reply with unroutable address"

We're running pftpx as a daemon with no specific flags.  From a ps:

proxy         4845  0.0  0.0  1452  1100  ??  Is   27Sep08   0:02.13 /usr/local/sbin/pftpx

Here is a sample of the rules we are using to allow traffic and to proxy.  The server macros are defined and working correctly.  Any help would be greatly appreciated.

nat-anchor "pftpx/*"
rdr-anchor "pftpx/*"
rdr on ! $vlan10_if proto { udp tcp } from any to $f1_cps01_ext0 port { 80 443 2087 2083 ftp 49152:65535 } -> $f1_cps01_int0 sticky-address
rdr on ! $vlan10_if proto { udp tcp } from any to $f1_cps01_ext1 port { 80 443  ftp 49152:65535 } -> $f1_cps01_int1 sticky-address

--
Michael K. Smith - CISSP, GISP
Chief Technical Officer - Adhost Internet LLC
mksmith at adhost.com
w: +1 (206) 404-9500 f: +1 (206) 404-9050
PGP: B49A DDF5 8611 27F3  08B9 84BB E61E 38C0 (Key ID: 0x9A96777D)