> Hello !!!
>
> I want to have active and passive mode ftp-server which placed behind the
> firewall. The OpenBSD pf will need to pass passive and active ftp
> connections. And I want to set policy "block". Which rules I need to add at
> the pf.conf ?
>
> ----------- ep0 ----------------- ep1 --------------
> | Internet | ------- | OpenBSD box | ------- | FTP server |
> -----------all ----------------- --------------
> 192.168.1.1
>

The PF FAQ answers that question:
http://cvs.openbsd.org/faq/pf/ftp.html#natserver

Also, the example provided is for an OpenBSD FTP server. On other servers you
have to do additional configuration. The ports used (and decided by the
server) in passive mode should be configured. Most FTP servers have such
functionality.

By default OpenBSD ftp uses a port range of 49152:65535. To configure it in
ProFTPd, you have to set your PassivePorts directive.

Also don't forget to adjust your rules (rdr and pass) according to the
setting of your FTP server.

Kenny Gryp
--
http://gryp.dakin.be - [EMAIL PROTECTED]
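Added example, not part of the original message or the PF FAQ: a small Python check that compares a ProFTPD `PassivePorts` range with the port ranges in pf `rdr` and `pass` rules, which is the adjustment the reply asks for. The sample configs, the 192.0.2.10 placeholder address, the 50000-50100 range and the function names are constructed assumptions; only simple `port low:high` rules are parsed.

```python
import re

# Constructed sample input: placeholder address, assumed passive range.
PROFTPD_CONF = "ServerName \"ftp\"\nPassivePorts 50000 50100\n"
PF_CONF = """\
rdr on $ext_if proto tcp from any to any port 21 -> 192.0.2.10 port 21
rdr on $ext_if proto tcp from any to any port 49152:65535 -> 192.0.2.10 port 49152:65535
pass in quick on $ext_if proto tcp from any to 192.0.2.10 port 21 keep state
pass in quick on $ext_if proto tcp from any to 192.0.2.10 port 49152:65535 keep state
"""

def passive_range(proftpd_text):
    """Return (low, high) from a 'PassivePorts <min> <max>' line, or None."""
    m = re.search(r"^\s*PassivePorts\s+(\d+)\s+(\d+)\s*$", proftpd_text, re.M)
    return (int(m.group(1)), int(m.group(2))) if m else None

def pf_ranges(pf_text):
    """Yield (action, low, high) for rdr/pass rules matching 'port low:high'."""
    for line in pf_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        m = re.match(r"(rdr|pass)\b", line)
        if not m:
            continue
        match_side = line.split("->", 1)[0]       # ignore the rdr target
        for lo, hi in re.findall(r"\bport\s+(\d+):(\d+)", match_side):
            yield m.group(1), int(lo), int(hi)

def check(proftpd_text, pf_text):
    """Compare the server's passive range with pf's rdr and pass ranges."""
    want = passive_range(proftpd_text)
    if want is None:
        return ["server: no PassivePorts directive found"]
    findings = []
    rules = list(pf_ranges(pf_text))
    for action in ("rdr", "pass"):
        got = [(lo, hi) for a, lo, hi in rules if a == action]
        if want in got:
            findings.append(f"{action}: ok, matches {want[0]}:{want[1]}")
        elif any(lo <= want[0] and want[1] <= hi for lo, hi in got):
            findings.append(f"{action}: wider than {want[0]}:{want[1]} (extra ports exposed)")
        else:
            findings.append(f"{action}: does not cover {want[0]}:{want[1]}")
    return findings

if __name__ == "__main__":
    print("\n".join(check(PROFTPD_CONF, PF_CONF)))
```

With the sample input both rule types are reported as wider than the server's range: passive mode works, but pf forwards ports the server never uses.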
