Hi,

On 19.06.2005 at 18:54, Andy Hilker wrote:
/etc/inetd.conf
-----------------
ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -u proxy -m 55000 -M 57000 -t 180


/etc/rc.conf
--------------
inetd_enable="YES"


pf.conf, parts of ftp section
------------------------------
  # default deny
  block all

  # local loopback traffic
  pass quick on lo0 all

  # redirect ftp to local proxy
rdr on $intern_if proto tcp from $intern_net to any port 21 -> 127.0.0.1 port 8021


  # ftp for all
pass log quick proto tcp from <protected_lans> to 127.0.0.1 port 8021 keep state
block in log quick proto tcp from !<protected_lans> to 127.0.0.1 port 8021
pass out log quick proto tcp from <host_firewall> to <protected_lans> port > 1023 keep state

  # Allow remote FTP servers (on data port 20) to respond to the proxy's
  # active ftp
  # to internet
pass in log quick on $extern_if proto tcp from any port 20 to $extern_if port 55000 >< 57000 flags S/SA keep state
pass out log quick on $extern_if proto tcp from $extern_if to any port {20,21} flags S/AUPRFS modulate state
pass out log quick on $extern_if proto tcp from $extern_if port 55000 >< 57000 to any flags S/SAFR keep state


Thanks for your quick reply.
I tried your configuration, and, know what? It works perfectly for me.
Thanks a lot.

asg
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf