Darek Eliasz wrote:
Have you read about ftp-proxy?
Yes, I use it for access from the LAN to external ftp servers. I was trying to redirect traffic to my DMZ ftp server across ftp-proxy but without any results. Any idea how to do it?
From the PF user guide (http://www.openbsd.org/faq/pf/index.html), under "Issues with FTP", here is an example subset of rules which would accomplish this:

ftp_server = "10.0.3.21"

rdr on $ext_if proto tcp from any to any port 21 -> $ftp_server \
    port 21
rdr on $ext_if proto tcp from any to any port 49152:65535 -> \
    $ftp_server port 49152:65535

# in on $ext_if
pass in quick on $ext_if proto tcp from any to $ftp_server \
    port 21 keep state
pass in quick on $ext_if proto tcp from any to $ftp_server \
    port > 49151 keep state

# out on $int_if
pass out quick on $int_if proto tcp from any to $ftp_server \
    port 21 keep state
pass out quick on $int_if proto tcp from any to $ftp_server \
    port > 49151 keep state

-- Maxime Labelle - [EMAIL PROTECTED]
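
An added example, not part of the original post: with the rules above, a passive-mode data connection only works if the server's 227 reply names a port inside the redirected range 49152:65535 and an address reachable from outside. This Python check parses 227 replies and reports both problems; the sample replies are constructed, and 192.0.2.10 is an assumed placeholder for the firewall's external address.

```python
import ipaddress
import re

# Values taken from the rules in the post above.
PASV_LOW, PASV_HIGH = 49152, 65535              # rdr ... port 49152:65535
FTP_SERVER = ipaddress.ip_address("10.0.3.21")  # $ftp_server
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

_PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),"
                      r"(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (address, port) from an FTP 227 reply, or raise ValueError."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    addr = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    # The data port is sent as two bytes: high byte, then low byte.
    return addr, nums[4] * 256 + nums[5]

def check_pasv(reply):
    """List reasons the data connection for this reply would not pass the rules."""
    addr, port = parse_pasv(reply)
    problems = []
    if not PASV_LOW <= port <= PASV_HIGH:
        problems.append("port %d is outside the redirected range %d:%d"
                        % (port, PASV_LOW, PASV_HIGH))
    if addr == FTP_SERVER or any(addr in net for net in RFC1918):
        problems.append("reply advertises internal address %s, "
                        "which external clients cannot reach" % addr)
    return problems

# Constructed sample replies (not captured traffic).
SAMPLES = [
    "227 Entering Passive Mode (192,0,2,10,200,13)",  # port 51213
    "227 Entering Passive Mode (192,0,2,10,4,1)",     # port 1025
    "227 Entering Passive Mode (10,0,3,21,192,0)",    # port 49152
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_pasv(sample) or "ok")
```
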
