Hi Guys,
an excusse for my question:
I am relativelly new to the OpenBSD (and PF) though not so the other
firewall/filtering/nating :)
Now, few days ago I've set up a transparent bridge on freshly
installed OpenBSD 3.6 (my experience with OpenBSD started with 3.5 used
as a desktop, just to learn the system, then I've just red about PF, not
actually used it). And I did my homework and read some info from OpenBSD
and around. Setting it up was therefore very easy now it's time for
problems.
At first I did it almost completely open from within and almost
completely blocking from without. And it worked like charm. Now I'd like
to get it more blocking also from within, just in case some of my users
(I am at one of the departments at the university) gets too smart and
would like to start bothering others.
One of the valid things (with other ones not problems whatsoever :)
for me is trying to get something from without via ftp but there is some
problem and therefore the question. And I didn't find my answer in other
docs :(
As the bridge is completely transparent and without ANY IP number on
any of the two cards I cannot solve my ftp problem via local ftp-proxy
solution descibed in the documentation. Also setting simple rules like:
pass in quick on $ext_if proto tcp from { $local } to any port = \
ftp-data flags S/SA keep state
pass in quick on $ext_if proto tcp from { $local } to any port = \
ftp flags S/SA keep state
gets mefro a client behind the bridge to the server outside (I even get
banners/readmes) but any dir/ls gets back to me.
Are there any smarted solutions I haven't found yet? I know that
linux's iptables make use of special connection tracking module for ftp
to handle that problem but ... is there anything like this for OpenBSD?
If things like this are solvable shouldn't the solutions find the way to
the bridging part of FAQ? I'd suggest so very strongly :)
Best regards
Romek
