alex wilkinson wrote:
> # ftp hostname.some.domain
> Connected to hostname.some.domain
> 421 Service not available, remote server has closed connection.
> ftp>
Do you get the same message from all FTP servers?
"Service not available" might mean there's trouble with that specific
server.

Other than that, I can't immediately see anything wrong with your setup.
(It has been a while since I set up ftp-proxy and PF. But at least you
can take consolation in knowing it's possible. I'm failing to set up
p3scan with PF, and I've no idea if anyone has ever succeeded.)

My setup does seem slightly different to yours, however. Such as, in my
external interface rules, I have this:
# Allow ftp-proxy to contact FTP servers
pass out on $ext_intfc proto tcp from any port 49152:65535 to any \
    port { 20, 21, 49152:65535 } user ftp-proxy modulate state \
    queue(default_out, ack_out)
For my redirect rule, I have the very similar:
# Redirect FTP traffic from local network to ftp-proxy
# (Note: ftp-proxy needs to use the INTERNAL interface address so that
# the local network is permitted to talk to it - the local network
# cannot talk to the external interface address.
# Make sure this is specified as an argument to ftp-proxy in inetd.conf)
#
rdr on $int_intfc proto tcp from $int_intfc:network to any port 21 \
    tag $ftp_traffic -> $int_intfc port 8021
If you're using NAT, you also need to use the -n switch in your
inetd.conf line for ftp-proxy.
--
Bob