Camiel Dobbelaar wrote:
On Thu, 8 Jun 2006, uc.sheda wrote:
When 172.16.218.129 is trying to reach port 21/tcp of 129.128.5.191, here is what happens:

* tcpdump -tei pflog0 port 21 or 8021: doesn't show anything

You don't have "log" on your "rdr pass" line.

* tcpdump -tni bridge0 port 21 or 8021: just shows the SYN coming from 172.16.218.129, nothing else.
* pfctl -ss shows 2 states:
   all tcp 127.0.0.1:8021 <- 129.128.5.191:21 <- 172.16.218.129:22585 CLOSED:SYN_SENT
   all tcp 172.16.218.129:22585 -> 127.0.0.1:8021 SYN_SENT:CLOSED
* netstat -anp tcp shows that ftp-proxy is listening on 127.0.0.1:8021 but doesn't receive anything (no socket in a state != LISTEN with port 8021).

Is there something I'm missing? What is the exact meaning of the arrows seen in the pfctl -ss output?

You can't connect to the internet with a private space (172.16) address.

--
Cam


I've missed the 'log' option. I'll try it ASAP.
There's a NAT box between the OpenBSD box and the Internet, that's why I don't need outgoing NAT rules.

sheda
