Jon Rubio wrote:
> Hello everyone,
>
> We need some help with the ftp-proxy in reverse mode. Thank you very much
> for your help.
>
> The scenario:
> ---------------
>
> We have an OpenBSD firewall with two interfaces connected to the Internet (bge0
> and bge1).
> The first interface is used to browse the Internet and access all external
> Internet services.
> The second interface is used to manage incoming connections from our partners
> to our internal services (www, ftp & mail).
>
> We have successfully created routing rules on the PF to route outgoing traffic
> for the www and mail services.
> We have even successfully created routing rules on the PF to route outgoing
> traffic for the FTP service until it enters passive mode (ftp authentication
> is successful).
>
> But in the PF rules created by the ftp-proxy (dynamically) we can't find how to
> specify to use the secondary connection, so it sends packets from the first
> interface.
>
> Can anyone please help us? Any idea would be appreciated.
>
> Thanks in advance.
> --
> View this message in context:
> http://www.nabble.com/Route-ftp-proxy-pasive-mode-to-secondary-Internet-conection-tp18100893p18100893.html
> Sent from the openbsd user - misc mailing list archive at Nabble.com.

There are two solutions for this problem AFAIK: the easy one, and the not so easy but nice one.

The easy one is to change the default gateway of the firewall to be the secondary connection's. You will have to adapt your rules to use the primary connection for navigation traffic, because now your "secondary" connection is your primary one. So the logic changes.

The second alternative is to use the -mpath feature of ifconfig to set both default gateways, and to make ftp-proxy create the rules using the connection you want. Take a look at its -a option.

In both cases you will have to select the routes using pf. I recommend that you do things right and use -mpath. It can even help with failover and other things.
My regards,
--
Giancarlo Razzolini
http://lock.razzolini.adm.br
Linux User 172199
Red Hat Certified Engineer no:804006389722501
Verify: https://www.redhat.com/certification/rhce/current/
Moleque Sem Conteudo Numero #002
OpenBSD Stable
Ubuntu 8.04 Hardy Heron
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
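As an added illustration of the second option above (not from the original thread or from the ftp-proxy project), here is the static side of such a setup in OpenBSD 4.x pf.conf syntax (nat/rdr anchors, pre-4.7). All interface names, addresses and the partner range are constructed assumptions; the per-session rules ftp-proxy installs in its anchor are generated by the proxy and are not shown.

```pf
# Added example, not from the thread. Constructed assumptions:
#   bge0: primary link 192.0.2.2/24, gateway 192.0.2.1
#   bge1: partner link 198.51.100.2/24, gateway 198.51.100.1
#   em0:  internal LAN, FTP server 10.0.0.5
ext_if1 = "bge0"
ext_if2 = "bge1"
int_if  = "em0"
gw1     = "192.0.2.1"
gw2     = "198.51.100.1"
ftp_srv = "10.0.0.5"
table <partners> { 203.0.113.0/24 }    # constructed partner address range

# ftp-proxy in reverse mode installs its per-session rdr/pass rules in these
# anchors; those dynamic rules carry no route-to/reply-to of their own.
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
anchor "ftp-proxy/*"

block log all

# Control connection: partners reach the proxy listening on bge1 port 21.
# reply-to pins the replies to the partner link instead of the default route.
pass in on $ext_if2 reply-to ($ext_if2 $gw2) proto tcp \
    from <partners> to ($ext_if2) port 21 flags S/SA keep state

# The proxy's own connection to the internal FTP server.
pass out on $int_if proto tcp to $ftp_srv port 21 keep state

# With both default routes installed, traffic sourced from one link's address
# must not leave through the other link (OpenBSD PF FAQ multi-WAN pattern).
pass out on $ext_if1 route-to ($ext_if2 $gw2) from ($ext_if2) to any keep state
pass out on $ext_if2 route-to ($ext_if1 $gw1) from ($ext_if1) to any keep state

# Routing side, run once (e.g. from /etc/rc.local); this is the -mpath option:
#   sysctl net.inet.ip.multipath=1
#   route add -mpath default 192.0.2.1
#   route add -mpath default 198.51.100.1
# Proxy start line, reverse mode, bound to the partner link:
#   ftp-proxy -b 198.51.100.2 -p 21 -R 10.0.0.5
```

After loading the ruleset, `pfctl -a 'ftp-proxy/*' -sr` shows the rules the proxy has installed for live sessions, and `route -n show` confirms both default routes are present.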

