According to pf FAQ: "With passive mode FTP (the default mode with OpenBSD's ftp(1) client), the client requests that the server pick a random port to listen on for the data connection. The server informs the client of the port it has chosen, and the client connects to this port to transfer the data. Unfortunately, this is not always possible or desirable because of the possibility of a firewall in front of the FTP server blocking the incoming data connection. OpenBSD's ftp(1) uses passive mode by default; to force active mode FTP, use the -A flag to ftp, or set passive mode to "off" by issuing the command "passive off" at the "ftp>" prompt."
OK! I am really having a bad time with this issue! Not to get it working, but to understand it. If ftp-proxy does not insert rules, how is the outgoing traffic permitted across the firewall for a dynamic port chosen by the server?

Thanks once more.

On 5/14/07, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> On Mon, May 14, 2007 at 01:24:07PM -0300, John Nietzsche wrote:
> > Dear gentleman/madam,
> >
> > I have installed my OpenBSD firewall and I am trying to get an ftp client
> > behind it working.
> > It is working nicely. But when I try to look up the nat rules
> > inserted by ftp-proxy, I get nothing:
> >
> > [EMAIL PROTECTED] pfctl -sn -a '*'
> > nat-anchor "ftp-proxy/*" all
> > nat-anchor "neif" on pppoe0 all
> > nat-anchor "niif_0" on sis0 all
> > rdr-anchor "ftp-proxy/*" all
> > rdr-anchor "reif" on pppoe0 all
> > rdr-anchor "riif_0" on sis0 all
> > [EMAIL PROTECTED] pfctl -sn -a 'ftp-proxy/*'
> >
> >
> > I am very confused about why it does not show anything.
>
> I'm fairly certain ftp-proxy only inserts rules for active FTP sessions,
> and removes them as soon as they are no longer active.
>
> Joachim
>
> --
> TFMotD: vgrind (1) - grind nice listings of programs
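What a proxy has to do for each passive transfer, as an added example that is not part of this thread or of OpenBSD's ftp-proxy(8) source: parse the server's 227 reply on the control connection, sanity-check it, and derive the one-off pass rule for the data port that lives in the anchor only while that session lasts. The sample 227 reply, the client and server addresses, and the two checks (advertised address must be the server we are already talking to, port must be unprivileged) are assumptions of this example.

```python
import re
import ipaddress

# Constructed sample: a server's reply to PASV on the control connection.
# RFC 959 encodes four address octets followed by the port as two bytes,
# high byte first, so (199,56) means 199 * 256 + 56 = 51000.
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (203,0,113,5,199,56)\r\n"

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv_reply(line):
    """Return (address, port) advertised in a 227 reply, or None if malformed."""
    m = PASV_RE.match(line)
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None
    addr = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    return addr, port


def data_rule_for_pasv(line, client_ip, server_ip, min_port=1024):
    """Build the per-session pass rule a proxy would load into its anchor.

    The checks below are this example's assumptions, not a description of
    ftp-proxy's internals: the reply must point at the server the client is
    already connected to, and the port must be non-zero and unprivileged.
    """
    parsed = parse_pasv_reply(line)
    if parsed is None:
        raise ValueError("malformed 227 reply")
    addr, port = parsed
    if ipaddress.ip_address(addr) != ipaddress.ip_address(server_ip):
        raise ValueError("227 reply names %s, not the server %s" % (addr, server_ip))
    if not min_port <= port <= 65535:
        raise ValueError("refusing data port %d" % port)
    # Rule text in pf.conf(5) syntax for illustration; ftp-proxy itself loads
    # rules into its anchor through the pf ioctl interface, not as text.
    return ("pass out quick inet proto tcp from %s to %s port %d "
            "flags S/SA keep state" % (client_ip, server_ip, port))
```

Running `pfctl -sr -a 'ftp-proxy/*'` while a transfer is in progress is the moment such a rule is visible; once the data connection closes, the anchor is empty again, which is what the thread observes.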