Dear Clinton,

A million thanks for the link! It is working now!

I chose to stick with the default proxy port 8021 of the OpenBSD 3.5 ftp-proxy and not 8081 as in the article; the ftp-proxy manual of OpenBSD 3.5 also specifies a different set of ports, so I am sticking to the manual.

But I got the idea now.

Thanks a lot again. God bless you.

regards
Siju

On Wed, 29 Sep 2004 08:59:52 -0400, Clinton Sigmon <[EMAIL PROTECTED]> wrote:
> how FTP works
> http://slacksite.com/other/ftp.html
> http://pintday.org/whitepapers/ftp-review.shtml
>
> how to apply the rules in PF using FTP-Proxy
> http://www.aei.ca/~pmatulis/pub/obsd_ftp.html
>
>
> Siju George wrote:
>
> > hi all,
> >
> > I configured OpenBSD 3.5 PF as said in the FAQ.
> >
> > For the clients behind my PF firewall to access ftp servers I put this
> > line in the pf.conf file
> >
> > rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
> >
> > I also have the following line uncommented in /etc/inetd.conf
> >
> > 127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy
> >
> > Now the FTP clients behind the PF firewall can't connect to the ftp
> > servers on the internet: the username is authenticated successfully, but
> > listing of files is not possible.
> >
> > It is not a problem with user permissions, because if I FTP from the
> > OpenBSD firewall itself as the same user to the same FTP server I am
> > able to list the files.
> >
> > I'll paste the output of ftp commands issued from both OpenBSD and a
> > client behind OpenBSD below. Domain names and user names are replaced
> > with "aaaaa" for the sake of security.
> >
> > Could someone please point out the trouble?
> >
> > Thank you so much
> >
> > Siju
> >
> > ---FTP command output when the remote FTP server is accessed from the
> > OpenBSD firewall----
> >
> > rain# ftp aaaa.aaa
> > Connected to aaaa.aaa.
> > 220-=(<*>)=-.:. (( Welcome to PureFTPd 1.0.12 )) .:.-=(<*>)=-
> > 220-You are user number 5 of 50 allowed.
> > 220-Local time is now 01:41 and the load is 0.30. Server port: 21.
> > 220 You will be disconnected after 15 minutes of inactivity.
> > Name (aaaa.aaa:root): aaaaaa
> > 331 User aaaaaa OK. Password required
> > Password:
> > 230-User aaaaaa has group access to: aaaaaa
> > 230 OK. Current restricted directory is /
> > Remote system type is UNIX.
> > Using binary mode to transfer files.
> > ftp> ls
> > 500 Unknown command
> > 227 Entering Passive Mode (64,235,230,209,152,108)
> > 150 Accepted data connection
> > drwxr-x---    3 32651    12        4096 Sep 25 02:25 etc
> > drwxrwx---   19 32651    12        4096 Sep 28 16:11 mail
> > drwxr-x---    3 32651    aaaaaa    4096 Sep 23 09:56 public_ftp
> > drwxr-xr-x   13 32651    99        4096 Sep 23 23:43 public_html
> > drwx------    6 32651    aaaaaa    4096 Sep 23 10:10 tmp
> > lrwxrwxrwx    1 32651    aaaaaa      11 Sep 23 09:56 www -> public_html
> > 226-Options: -l
> > 226 6 matches total
> > ftp>
> >
> > ------------------------------------------------------------------------------------------------------------------------
> >
> > Now,
> >
> > ---FTP command output when the remote FTP server is accessed from an
> > ftp client behind the OpenBSD firewall----
> >
> > ftp aaaa.aaa
> > Connected to aaaa.aaa
> > 220-=(<*>)=-.:. (( Welcome to PureFTPd 1.0.12 )) .:.-=(<*>)=-
> > 220-You are user number 2 of 50 allowed.
> > 220-Local time is now 01:10 and the load is 0.47. Server port: 21.
> > 220 You will be disconnected after 15 minutes of inactivity.
> > User (aaaa.aaa:(none)): aaaaaaa
> > 331 User aaaaaaa OK. Password required
> > Password:
> > 230-User aaaaaaa has group access to: aaaaaaa
> > 230 OK. Current restricted directory is /
> > ftp> ls
> > 200 PORT command successful
> > 425 Could not open data connection to port 57234: Connection timed out
> >
> > ----------------------------------------------------------------------------------------
> >
> > Thanks a lot
> >
> > Siju
> >
>
> --
> clint
> Cryptek, Inc.
>
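The two transcripts above differ only in which side opens the data connection: from the firewall the client uses PASV (the server's 227 reply names the address and port the client should connect to), while the client behind the firewall sends PORT and the server must connect back, which is what ftp-proxy has to intercept and rewrite. The following is an added example, not code from the thread or from OpenBSD's ftp-proxy: it models the control-channel bookkeeping such a proxy performs (decoding PORT/227 host-and-port tuples, rewriting PORT to the firewall's external address, and checking that a 227 reply points back at the server being talked to). The 227 reply is the one in Siju's transcript; the client address 192.168.1.5, the proxy address 203.0.113.1 and proxy port 49152 are constructed. Since a PORT data port is p1*256+p2, the port 57234 in the 425 reply corresponds to fields 223,146, which is what the constructed PORT command uses.

```python
"""Added example (not from the thread or from ftp-proxy): FTP PORT/PASV
address handling as an FTP control-channel proxy behind NAT has to do it.
Host/port values in __main__ are constructed except the 227 reply, which is
taken from the transcript in the thread.
"""
import re

_SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PORT_RE = re.compile(r"^PORT\s+" + _SIX + r"\s*$", re.IGNORECASE)
PASV_RE = re.compile(r"^227\b.*?\(" + _SIX + r"\)")


def _decode(fields):
    """Turn the six h1,h2,h3,h4,p1,p2 fields into ('h1.h2.h3.h4', p1*256+p2)."""
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("field out of byte range: %r" % (fields,))
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError("port 0 is not a usable data port")
    return host, port


def parse_port(line):
    """Decode a client's 'PORT h1,h2,h3,h4,p1,p2' command."""
    m = PORT_RE.match(line.strip())
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    return _decode(m.groups())


def parse_pasv(line):
    """Decode a server's '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' reply."""
    m = PASV_RE.match(line.strip())
    if not m:
        raise ValueError("not a 227 reply: %r" % line)
    return _decode(m.groups())


def encode(host, port):
    """Inverse of _decode: dotted host and port -> 'h1,h2,h3,h4,p1,p2'."""
    if not 0 < port <= 65535:
        raise ValueError("port out of range: %d" % port)
    return "%s,%d,%d" % (host.replace(".", ","), port // 256, port % 256)


def rewrite_port(line, proxy_host, proxy_port):
    """Return (PORT command to forward to the server, (client_host, client_port)).

    The proxy must listen on proxy_host:proxy_port and relay to the client's
    address, and the firewall must pass the server's inbound connection to
    that port; a 425 'Could not open data connection' is the server-side
    symptom when it cannot reach it.
    """
    client = parse_port(line)
    return "PORT " + encode(proxy_host, proxy_port), client


def pasv_address_is_trusted(reply, control_peer):
    """Accept a 227 reply only if it points back at the server on the control
    connection; a mismatch is the FTP bounce / proxy-abuse pattern a proxy or
    client should refuse to follow."""
    host, _ = parse_pasv(reply)
    return host == control_peer


if __name__ == "__main__":
    # Constructed client PORT; 223,146 decodes to 57234, the port named in the
    # 425 reply in the transcript, so these are the bytes the client must have sent.
    cmd = "PORT 192,168,1,5,223,146"
    print(parse_port(cmd))
    print(rewrite_port(cmd, "203.0.113.1", 49152))
    reply = "227 Entering Passive Mode (64,235,230,209,152,108)"
    print(parse_pasv(reply))
    print(pasv_address_is_trusted(reply, "64.235.230.209"))
```

The proxy port chosen in rewrite_port is whatever the proxy has actually bound; the firewall rule set has to admit the server's connection to that port on the external interface, otherwise the server times out exactly as in the second transcript.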
