Hi all
I'm sorry that I'm asking such a silly question, anyway this is a list for
newbies so try to excuse me :)
I'm running an OpenBSD box which has PF and NAT enabled. This server is an
internet gateway for my computers on LAN.
OpenBSD box also serves FTPd which should be accessible from the intranet
and internet.
I use ftpsesame application from packages, so internet clients can connect
to my server without any problem by passive connection
and my clients on LAN too.
Anyway I always try to use tools bundled in OpenBSD because I trust them so
I would like to replace ftpsesame with ftp-proxy.
I need to make possible passive connections to my FTPd server which runs on
same host as ftp-proxy.
OK, I know I could probably open high ports in PF, so FTP transfers could
work but this solution seems to me a little bit insecure.
I followed man pages for ftp-proxy, modified my PF rules but passive
connection to my ftpd is not possible.
Into PF rules I inserted:
In the NAT section:
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $ext_if proto tcp from any to $wan_addr port 21 -> \
127.0.0.1 port 8021
In the rule section:
anchor "ftp-proxy/*"
pass out proto tcp from $proxy to any port 21
----------
I guess that problem is caused by redirecting the ftp traffic to localhost
and then to my wan IP address on same host so I also tried ftp-proxy with
following options.
ftp-proxy -R $wan_ip
then
ftp-proxy -R $lan_ip
and also ftp-proxy -R $localhost
But it was not working, I was able only to connect to ftp server but not to
list directories.
Maybe I just do not understand the real purpose of ftp-proxy but I would
like to achieve with it passive ftp access for all clients without opening
1K ports in PF. Is it possible?
Thanks
MK
_______________________________________________
Openbsd-newbies mailing list
http://mailman.theapt.org/listinfo/openbsd-newbies
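
The question above is whether passive FTP can work without a standing rule for the whole high-port range. As an added example (not part of the original post, and not ftp-proxy's own code), this sketch shows the general technique a control-channel-aware helper relies on: read the server's 227/229 reply, validate it, and permit only the one announced data port. The function names, the sample addresses and the rule text are assumptions made for illustration.

```python
import re

# RFC 959 PASV reply: "227 ... (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# RFC 2428 EPSV reply: "229 ... (|||port|)", delimiter is any repeated character
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def passive_endpoint(reply, server_addr):
    """Return (addr, port) announced by a passive-mode reply, or None."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            return None
        addr = ".".join(str(n) for n in nums[:4])
        port = nums[4] * 256 + nums[5]
    else:
        m = EPSV_RE.match(reply)
        if not m:
            return None
        # EPSV carries no address; the data channel goes to the control peer
        addr, port = server_addr, int(m.group(2))
    # Reject replies that point at another host or at a privileged port
    if addr != server_addr or not 1024 <= port <= 65535:
        return None
    return addr, port


def pinhole_rule(client, reply, server_addr):
    """Build one narrow pf-style rule for a single data connection.

    The rule text is illustrative, not what any particular proxy emits.
    """
    ep = passive_endpoint(reply, server_addr)
    if ep is None:
        return None
    return ("pass in quick inet proto tcp from %s to %s port %d "
            "flags S/SA keep state" % (client, ep[0], ep[1]))


if __name__ == "__main__":
    # Constructed sample replies using documentation address ranges
    for line in ("227 Entering Passive Mode (192,0,2,10,195,80)",
                 "229 Entering Extended Passive Mode (|||6446|)",
                 "227 Entering Passive Mode (10,0,0,5,195,80)"):
        print(line, "->", pinhole_rule("198.51.100.7", line, "192.0.2.10"))
```
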