Re: pf ftp-proxy forward AND reverse (Help?)

Sat, 16 Apr 2011 13:23:43 -0700 

On 04/11/2011 06:31 PM, Steven R. Gerber wrote:

Hi folks.
I cannot get reverse? ftp to work from my wireless to my LAN.
I seem to have no trouble going from the LAN to the internet.
Any thoughts?




Thanks,
Steven
*************************************************************
pf.conf:

# filter rules and anchor for ftp-proxy(8)
anchor "ftp-proxy/*"
pass in on $wireless_if inet proto tcp to ($wireless_if) port 21
pass out on $int_if inet proto tcp to $ftp_server port 21 user proxy

# Translate outgoing ftp control connections to send them to localhost
# for proxying with ftp-proxy(8) running on port 8021.
#rdr on $int_if proto tcp from any to any port 21 ->  127.0.0.1 port 8021
anchor "ftp-proxy/*"
#pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
pass in quick on $int_if proto tcp to port 21 rdr-to 127.0.0.1 port 8021
*************************************************************



I have the outgoing ftp-proxy listening on the default port.  I have the 
incoming ftp-proxy listening on a different port.  I also have only one 
anchor for ftp-proxy.


anchor "ftp-proxy/*"
pass in on $office_network proto tcp to port ftp rdr-to 127.0.0.1 port 8021

pass in log on $external_interface proto tcp from any to 
$external_interface port ftp flags S/SAFR modulate state (max-src-conn 
15, max-src-conn-rate 5/3, overload <hmmm> flush global) rdr-to 
127.0.0.1 port 8031





$ cat /etc/rc.conf.local
ntpd_flags="-s"         # enabled during install
#
# set these to "NO" to turn them off.  otherwise, they're used as flags
#named_flags="-d 3"     # for normal use: ""
named_flags=""  # for normal use: ""
#dhcpd_flags="" # for normal use: ""
# ISC dhcpd will be invokd via rc.local!!!
#
# set the following to "YES" to turn them on
pf=YES  # Packet filter / NAT

ftpproxy_flags=""       # for normal use: ""
ftpproxy_flags2="-R xxx.xxx.iii.2 -p 21 -b xxx.xxx.www.1"       # for
normal use: ""
#
# miscellaneous other flags
# only used if the appropriate server is marked YES above
pflogd_flags=                   # add more flags, ie. "-s 256"
*************************************************************
rc.local:

# Start ftp-proxy #2
if [ X"${ftpproxy_flags2}" != X"NO" ]; then
         echo -n ' ftp-proxy';   /usr/sbin/ftp-proxy ${ftpproxy_flags2}
fi
*************************************************************
























					Reply via email to