NetOpsCenter wrote:
Matthias Kellermann wrote:
Hi list,

I'm trying to get outgoing FTP sessions to work with pf and
ftp/ftp-proxy in a NAT environment.

My simple config on a test machine looks like this:
------------------------------------------------------------------
int_if = "rl0"
localnet = "192.168.0.0/24"
tcp_services = "{ ssh, domain, www, https, ftp }"
udp_services = "{ domain }"

nat on $int_if from $localnet to any -> ($int_if)

rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021

block all

pass from $localnet to any keep state
pass proto udp to any port $udp_services keep state

pass out proto tcp to any port $tcp_services keep state

pass in proto tcp from any to any user proxy keep state
pass in proto tcp from any to any port ssh keep state
------------------------------------------------------------------

FTP login works fine. But if I want to do a "ls" on the FTP server I get
the following error on the client (no matter if NAT client or gateway):

425 Failed to establish connection.

Any idea what's wrong with my setup?

Thanks,
Matthias


Aloha Matthias,

I am having the same ftp problem on servers that are on an ATM 5 IP circuit. There is no NAT involved with one of these. The outbound FTP goes out but I can't get the files to list when I go inbound from outside on a recognized IP.
SSH on the same box works fine.
It would make my day to get this working.

~Al Plant - Honolulu, Hawaii -  Phone:  808-284-2740
 + http://hawaiidakine.com + http://freebsdinfo.org + [EMAIL PROTECTED] +
 + http://aloha50.net   - Supporting - FreeBSD 6.* - 7.* +
"All that's really worth doing is what we do for others."- Lewis Carrol



Follow-up:

I found what the problem was with ftp on my ATM line setup finally.

In order to pass data as Jonathan Horne suggested you have to add a special line to identify the ports used passively.

Add the line below to the pf.conf, below the ftp port 21 or 8021:

pass in on $ext_if proto tcp from any to $ext_if port >49151

I found this buried in the middle of an article I searched on PF "self protecting" an FTP Server

Thanks ....


~Al Plant - Honolulu, Hawaii -  Phone:  808-284-2740
 + http://hawaiidakine.com + http://freebsdinfo.org + [EMAIL PROTECTED] +
 + http://aloha50.net   - Supporting - FreeBSD 6.* - 7.* +
"All that's really worth doing is what we do for others."- Lewis Carrol

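Added example, not part of the original thread or written by its authors: the directory listing in passive mode travels over a second TCP connection to a port the server announces on the control channel, which is why passing only port 21 is not enough and why the follow-up's `port >49151` rule helps. The sketch below decodes that port from 227 (PASV) and 229 (EPSV) replies and checks it against the rule's match; the sample replies are constructed, the function names are hypothetical, and the rule's lower bound is taken from the message above.

```python
import re

# Constructed sample control-channel replies (not captured from the thread).
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (192,0,2,10,195,80)",   # PASV form, RFC 959
    "229 Entering Extended Passive Mode (|||50001|)",  # EPSV form, RFC 2428
    "227 Entering Passive Mode (192,0,2,10,4,1)",      # server using a low port
]

PASV_RE = re.compile(r"^227 .*?\((\d{1,3}(?:,\d{1,3}){5})\)")
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def passive_port(reply):
    """Return the data port a 227/229 reply tells the client to connect to."""
    m = PASV_RE.match(reply)
    if m:
        fields = [int(x) for x in m.group(1).split(",")]
        if any(f > 255 for f in fields):
            raise ValueError("octet out of range in PASV reply")
        # Last two fields are the high and low byte of the port.
        return fields[4] * 256 + fields[5]
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        if not 0 < port <= 65535:
            raise ValueError("port out of range in EPSV reply")
        return port
    raise ValueError("not a passive-mode reply")


def allowed_by_rule(port, lower_exclusive=49151):
    """Mirror the match of the thread's rule: port >49151."""
    return lower_exclusive < port <= 65535


def check(replies):
    """Pair each announced data port with whether the rule would pass it."""
    return [(p, allowed_by_rule(p)) for p in map(passive_port, replies)]


if __name__ == "__main__":
    for port, ok in check(SAMPLE_REPLIES):
        print(port, "passed" if ok else "still blocked by 'block all'")
```

A server configured to hand out passive ports outside that range, like the third constructed reply, would still fail with the same listing error, so the rule's range has to match the FTP daemon's passive port range.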

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
