My configuration is that I have a (four-legged) bridge, and the EXT interface was assigned an IP address which I can access from anywhere for managing the firewall.

I am trying to set up the ftp-proxy. I have defined the port in /etc/services and then enabled the proxy in /etc/inetd.conf using the port name, and specifying -u proxy so that I can filter the active port connections using that. I have added rules in pf.conf to redirect to port 8021 at the firewall address (I didn't use 127.0.0.1 because I wasn't sure it would work without routing enabled).

I have logged the first packet being directed to port 8021 on the firewall address, but then... nothing.

What should I be checking at this stage, as all the lines I have typed match the books and manuals as far as I can see? Can anyone suggest what I have missed, or how I can diagnose this further?

Thanks,
Paul

In my pf.conf:

rdr on $INT proto tcp from any to any port 21 -> $FW port 8021
[...]
# Allow FTP in from local for proxying, and from remote for data
pass in log quick on $INT proto tcp from $INTip to $FW port 8021 \
    flags S/SA keep state
pass in log quick on $EXT proto tcp from any port 20 to $FW \
    user proxy flags S/SA keep state
block in quick from any to $FW
pass out log quick from $FW to any modulate state

In my inetd.conf:

ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -u proxy -t 300

(I haven't defined the user proxy - it seems to be there already)

--
Paul Hodges
IT Support Manager
Dept of Clinical Pharmacology
Oxford University
01865-224418
