Hello :) I have a laptop with the operating system FreeBSD 6.1 and an ADSL modem to connect to the internet. I would like to set up a personal firewall on my computer and I chose OpenBSD pf. The only network interface is ndis0.
The filtering method is quite simple: everything is blocked and only what I need is authorized. However, I have a problem with the FTP protocol. I tried ftp-proxy and pftpx without success :(

### First method with ftp-proxy.

# rc.conf
I added these lines:

inetd_enable="YES"
inetd_flags="-wW -c 60 -a 127.0.0.1"

# inetd.conf
I have this line:

ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy

After a reboot, the sockstat -4 command shows:

root inetd 583 5 tcp4 127.0.0.1:8021

# pf.conf

nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $int_inf proto tcp from any to any port 21 -> 127.0.0.1 port 8021
anchor "ftp-proxy/*"
pass out proto tcp from $int_inf to any port 21 keep state

Well, after I used the ftp command the connection works fine, but with the ls command I get this:

ftp>ls
229 Entering Extended Passive Mode (|||9576|)
200 EPRT command successful Consider using EPSV.

and after 40 seconds I get this:

150 Here comes the directory listing.
ftp: poll timeout waiting before accept: Operation not permitted
426 Failure writing network stream.
225 No transfer to ABOR.
ftp>

I don't know what happened, but I think the rdr doesn't work. But why? I don't know.

### Second method with pftpx

# rc.conf
I added this line:

pftpx_enable="YES"

After a reboot, the sockstat -4 command shows:

proxy pftpx 495 3 tcp4 127.0.0.1:8021 *:*

# pf.conf

nat-anchor "pftpx/*"
rdr-anchor "pftpx/*"
rdr pass on $int_inf proto tcp from any to any port 21 -> 127.0.0.1 port 8021
anchor "pftpx/*"
pass out proto tcp from $int_inf to any port 21 keep state

Well, after I used the ftp command the connection works fine, but I have the same problem.

Just a question: why doesn't the rdr work at all on my computer? What happened?

Thank you so much :)

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
