On Sat, Jan 14, 2017 at 12:11:54PM +0000, Mik J wrote: > Openbsd 6.0 > Hello, > I have a ftp server behind my PF firewall and I would like to be able to ftp > in from the internet > It doesn't work with# /usr/sbin/ftp-proxy -D7 -v -R @ftp_internal_address > -p21 -b @external_address > anchor "ftp-proxy/*" > pass in quick on $ext_if inet proto tcp to $ext_add port 21 flags S/SAFR > modulate state > pass out quick on $int_if inet proto tcp from $int_add to > $ftp_internal_address user proxy > > But works when I remove the "user proxy" in the last rule
So it is related to the user. >From ftp-proxy(8) man page: ftp-proxy chroots to "/var/empty" and changes to user "_ftp-proxy" to drop privileges. > Does someone knows why ? you should allow the "_ftp-proxy" user, and not the "proxy" user to make it works as expecting. thanks. -- Sebastien Marie