According to pf FAQ:

"With passive mode FTP (the default mode with OpenBSD's ftp(1)
client), the client requests that the server pick a random port to
listen on for the data connection. The server informs the client of
the port it has chosen, and the client connects to this port to
transfer the data. Unfortunately, this is not always possible or
desirable because of the possibility of a firewall in front of the FTP
server blocking the incoming data connection. OpenBSD's ftp(1) uses
passive mode by default; to force active mode FTP, use the -A flag to
ftp, or set passive mode to "off" by issuing the command "passive off"
at the "ftp>" prompt."

ok! I am really having a bad time with this issue! Not to get it
working, but to understand it. If ftp-proxy does not insert rules, how
is the outgoing traffic permitted across the firewall for a dynamic
port chosen by the server?

Thanks once more.

On 5/14/07, Joachim Schipper <[EMAIL PROTECTED]> wrote:
On Mon, May 14, 2007 at 01:24:07PM -0300, John Nietzsche wrote:
> Dear gentleman/madam,
>
> I have installed my OpenBSD firewall and I am trying to get an ftp
> client behind it working.
> It is working nicely. But when I try to look up the nat rules
> inserted by ftp-proxy, I get nothing:
>
> [EMAIL PROTECTED] pfctl -sn -a '*'
> nat-anchor "ftp-proxy/*" all
> nat-anchor "neif" on pppoe0 all
> nat-anchor "niif_0" on sis0 all
> rdr-anchor "ftp-proxy/*" all
> rdr-anchor "reif" on pppoe0 all
> rdr-anchor "riif_0" on sis0 all
> [EMAIL PROTECTED] pfctl -sn -a 'ftp-proxy/*'
>
>
> I am very confused about why it does not show anything.

I'm fairly certain ftp-proxy only inserts rules for active FTP sessions,
and removes them as soon as they are no longer active.

                Joachim

--
TFMotD: vgrind (1) - grind nice listings of programs
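The point the FAQ quote and Joachim's reply are circling is that the data port
does not exist anywhere a static pf rule could name it: it is announced on the
control channel, in the server's 227 reply (passive) or the client's PORT
command (active), and a proxy has to read that dialogue to know what to let
through for the life of one session. The Python below is an added example for
this thread, not code from the thread or from ftp-proxy itself; it decodes
both announcements into the data connection they imply and refuses an
announcement whose address is not the peer the control connection is already
talking to, the consistency check a proxy should make before opening anything.
The client and server addresses and the two control-channel lines are
constructed for the example.

```python
import re
from ipaddress import IPv4Address

# Constructed sample control-channel lines for this example (not from the thread).
PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)\r\n"
PORT_CMD = "PORT 10,0,0,5,4,1\r\n"
CLIENT = "10.0.0.5"        # assumed client address, as seen on the inside interface
SERVER = "192.0.2.10"      # assumed server address the control connection goes to

_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_hostport(text):
    """Decode the h1,h2,h3,h4,p1,p2 tuple shared by PASV replies and PORT commands.

    The port is p1*256 + p2, chosen per session, which is why no rule written
    ahead of time can name it."""
    m = _TUPLE.search(text)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % text)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % text)
    host = str(IPv4Address(".".join(str(n) for n in nums[:4])))
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError("data port 0 in %r" % text)
    return host, port


def parse_pasv_reply(reply, server_addr):
    """Passive mode: the server's 227 reply names the port it will listen on.

    The address in the reply must be the server the control connection is
    already talking to; otherwise a hostile or misconfigured server could have
    the proxy open a path to some third host."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 reply: %r" % reply)
    host, port = decode_hostport(reply)
    if host != server_addr:
        raise ValueError("passive address %s is not the server %s" % (host, server_addr))
    return host, port


def parse_port_command(cmd, client_addr):
    """Active mode: the client's PORT command names the port it will listen on.

    Same consistency rule, checked against the client's own address."""
    if not cmd.upper().startswith("PORT "):
        raise ValueError("not a PORT command: %r" % cmd)
    host, port = decode_hostport(cmd)
    if host != client_addr:
        raise ValueError("PORT address %s is not the client %s" % (host, client_addr))
    return host, port


def data_flow(line, client_addr, server_addr):
    """Work out the data connection a control-channel line implies.

    Returns (direction, src, dst, dst_port): 'out' means the client connects
    out to the server's announced port (passive), 'in' means the server
    connects in to the client's announced port (active). This is the
    per-session knowledge a proxy holds while the transfer lives and discards
    when the session ends."""
    if line.startswith("227"):
        host, port = parse_pasv_reply(line, server_addr)
        return ("out", client_addr, host, port)
    if line.upper().startswith("PORT "):
        host, port = parse_port_command(line, client_addr)
        return ("in", server_addr, host, port)
    raise ValueError("not a data-channel negotiation line: %r" % line)


def accepts(line, client_addr, server_addr):
    """True if the line would be honoured, False if one of the checks rejects it."""
    try:
        data_flow(line, client_addr, server_addr)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(data_flow(PASV_REPLY, CLIENT, SERVER))  # ('out', '10.0.0.5', '192.0.2.10', 50000)
    print(data_flow(PORT_CMD, CLIENT, SERVER))    # ('in', '192.0.2.10', '10.0.0.5', 1025)
```

Run as a script it prints the two flows above; the passive case is the one
the original poster is asking about, an outbound connection from the client
to a server port (here 50000) that only became known when the 227 reply went
past.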
