Hi all,
I have set up ftp-proxy(8) as per recommendations from the PF FAQ. I
have used the following to set it up:
rdr on $INT_IF proto tcp from any to any port 21 -> 127.0.0.1 port 8021
pass in log quick on $EXT_IF proto tcp from port 20 to ($EXT_IF) user proxy flags S/SA keep state
inetd(8) is set up correctly.
I have gone down the road of explicitly allowing connections _both_ in
and out. This is causing the following problem:
# ftp hostname.some.domain
Connected to hostname.some.domain
421 Service not available, remote server has closed connection.
ftp>
From /var/log/messages:
May 25 17:01:33 gateway ftp-proxy[5528]: accepted connection from 10.0.0.30:25499 to 192.231.203.130:21
May 25 17:02:48 gateway ftp-proxy[5528]: cannot connect to 192.231.203.130:21 (Operation timed out)
However, I have explicitly allowed:
pass out on $EXT_IF inet proto tcp from ($EXT_IF) to any port {20,21}
I'm not sure what is happening here. It looks like ftp-proxy(8) is
being blocked when trying to connect _out_ to port 21.
Can anyone suggest anything here?
Cheers
- Alex