Hi, I can't get active ftp to work through pf and ftp-proxy. Passive ftp works fine. I use ftp from a Windows-pc and have been testing on ftp.openbsd.org and ftp.sunet.se. I've dumbed down pf.conf as much as I possibly can. Still no go. I had an older snapshot but upgraded just now - no difference.
--------------------------------------------------------------
# cat /etc/pf.conf
set block-policy return
set loginterface egress
set skip on lo
anchor "ftp-proxy/*"
pass in quick log on em0 inet proto tcp to port ftp divert-to 127.0.0.1 port 8021
pass out quick log proto tcp from (self) to any port ftp
match out on egress from em0:network nat-to egress
pass in on em0 inet proto tcp to em0:0 port ssh
pass out log
pass in log on em0
--------------------------------------------------------------
# ps auxwww | grep ftp-proxy
proxy 16586 0.0 0.1 640 1104 ?? Is 8:38PM 0:00.01 /usr/sbin/ftp-proxy -vv -D7
--------------------------------------------------------------
# uname -a
OpenBSD left.hytherm.local 5.6 GENERIC#335 i386
--------------------------------------------------------------
# grep -v unbound /var/log/daemon
Sep 22 20:00:01 left newsyslog[2774]: logfile turned over
Sep 22 20:25:53 left ntpd[31904]: ntp engine ready
Sep 22 20:25:54 left savecore: no core dump
Sep 22 20:25:55 left ftp-proxy[20919]: listening on 127.0.0.1 port 8021
Sep 22 20:25:55 left sensorsd[29748]: startup, system has 1 sensors
Sep 22 20:26:14 left ntpd[31904]: peer 87.232.1.41 now valid
Sep 22 20:26:17 left ntpd[31904]: peer 54.246.100.200 now valid
Sep 22 20:26:20 left ntpd[31904]: peer 54.229.136.168 now valid
Sep 22 20:27:12 left ntpd[19159]: adjusting local clock by 0.605419s
Sep 22 20:27:45 left ntpd[19159]: adjusting local clock by 0.440419s
Sep 22 20:29:22 left ntpd[31904]: clock is now synced
Sep 22 20:31:46 left ntpd[31904]: peer 149.157.192.5 now valid
Sep 22 20:38:06 left ftp-proxy[20919]: exiting on signal 15
Sep 22 20:38:27 left ftp-proxy[16586]: listening on 127.0.0.1 port 8021
Sep 22 20:38:40 left ftp-proxy[16586]: #1 FTP session 1/100 started: client 192.168.1.89 to server 194.71.11.69 via proxy x.x.x.x
Sep 22 20:38:46 left ftp-proxy[16586]: #1 active: server to client port 16240 via port 51904
Sep 22 20:41:42 left ftp-proxy[16586]: #1 client close
Sep 22 20:41:42 left ftp-proxy[16586]: #1 ending session
Sep 22 20:41:44 left ftp-proxy[16586]: #2 FTP session 1/100 started: client 192.168.1.89 to server 129.128.5.191 via proxy x.x.x.x
Sep 22 20:41:48 left ftp-proxy[16586]: #2 active: server to client port 16259 via port 57767
Sep 22 20:42:25 left ftp-proxy[16586]: #2 active: server to client port 16265 via port 63504
Sep 22 20:42:36 left ftp-proxy[16586]: #2 server close
Sep 22 20:42:36 left ftp-proxy[16586]: #2 ending session
Sep 22 20:43:22 left ftp-proxy[16586]: #3 FTP session 1/100 started: client 192.168.1.89 to server 129.128.5.191 via proxy x.x.x.x
Sep 22 20:43:25 left ftp-proxy[16586]: #3 active: server to client port 16276 via port 49835
Sep 22 20:43:28 left ftp-proxy[16586]: #3 active: server to client port 16277 via port 52764
Sep 22 20:43:39 left ftp-proxy[16586]: #3 active: server to client port 16278 via port 53960
Sep 22 20:43:44 left ftp-proxy[16586]: #3 server close
Sep 22 20:43:44 left ftp-proxy[16586]: #3 ending session
Sep 22 20:51:54 left ntpd[19159]: adjusting clock frequency by 0.252153 to 29.320203ppm