Hi Guys, an excuse for my question:

I am relatively new to OpenBSD (and PF), though not so to other firewall/filtering/NATing :) Now, a few days ago I set up a transparent bridge on a freshly installed OpenBSD 3.6 (my experience with OpenBSD started with 3.5 used as a desktop, just to learn the system; then I just read about PF, not actually used it). And I did my homework and read some info from OpenBSD and around. Setting it up was therefore very easy; now it's time for problems.

At first I did it almost completely open from within and almost completely blocking from without. And it worked like a charm. Now I'd like to get it more blocking also from within, just in case some of my users (I am at one of the departments at the university) get too smart and would like to start bothering others.

One of the valid things (with other ones not problems whatsoever :) for me is trying to get something from without via ftp, but there is some problem and therefore the question. And I didn't find my answer in other docs :(

As the bridge is completely transparent and without ANY IP number on any of the two cards, I cannot solve my ftp problem via the local ftp-proxy solution described in the documentation. Also, setting simple rules like:

    pass in quick on $ext_if proto tcp from { $local } to any port = \
        ftp-data flags S/SA keep state
    pass in quick on $ext_if proto tcp from { $local } to any port = \
        ftp flags S/SA keep state

gets me from a client behind the bridge to the server outside (I even get banners/readmes) but any dir/ls gets back to me.

Are there any smarter solutions I haven't found yet? I know that Linux's iptables makes use of a special connection tracking module for ftp to handle that problem but ... is there anything like this for OpenBSD?

If things like this are solvable, shouldn't the solutions find their way to the bridging part of the FAQ? I'd suggest so very strongly :)

Best regards
Romek