On Sat, Jan 14, 2017 at 12:11:54PM +0000, Mik J wrote:
> Openbsd 6.0
> Hello,
> I have a ftp server behind my PF firewall and I would like to be able to ftp
> in from the internet
> It doesn't work with# /usr/sbin/ftp-proxy -D7 -v -R @ftp_internal_address
> -p21 -b @external_address
> anchor "ftp-proxy/*"
> pass in quick on $ext_if inet proto tcp to $ext_add port 21 flags S/SAFR
> modulate state
> pass out quick on $int_if inet proto tcp from $int_add to
> $ftp_internal_address user proxy
>
> But works when I remove the "user proxy" in the last rule
So it is related to the user.
>From ftp-proxy(8) man page:
ftp-proxy chroots to "/var/empty" and changes to user
"_ftp-proxy" to drop privileges.
> Does someone knows why ?
you should allow the "_ftp-proxy" user, and not the "proxy" user to make
it works as expecting.
thanks.
--
Sebastien Marie
