On Wed, 29 Sep 2004, Siju George wrote:

> Hi all,
>
> I configured OpenBSD 3.5 PF as said in the FAQ.
>
> For the clients behind my PF firewall to access ftp servers I put this
> line in the pf.conf file
>
> rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1:8021
>
> I also have the following line uncommented from /etc/inetd.conf
>
> 127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy
>
> Now the FTP clients behind the PF firewall can't connect to the ftp
> servers on the internet. The username is authenticated successfully, but
> listing of files is not possible.
>
> It is not a problem with user permission because if I FTP from the
> OpenBSD firewall itself as the same user to the same FTP server I am
> able to list the files.
>
> I'll paste the output of ftp commands issued from both OpenBSD and a
> client behind OpenBSD below. Domain names and user names are replaced
> with "aaaaa " for the sake of security.
>
> Could someone please point out the trouble?

Are you doing nat as well? You could try:

127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -n

And do you have a rule like:

pass in on $ext_if inet proto tcp from any to $ext_if \
    user proxy keep state

It worked for me.
Bye,

Mipam.
