Hi,

I have a question regarding FTP.

First of all, let me tell you my configuration:


PCLANa1-----a2[proxyBSD]b1-------b2[firewallBSD]c1-----(internet)


a1=192.168.0.3
a2=192.168.0.251
b1=10.4.1.3
b2=10.4.1.2
c1=PublicIPaddress

What I want is to let the PCLAN gain FTP access to a remote FTP server.

These are my pf.conf rules:



In the [proxyBSD]


# Macros

ext_if="fxp0"
int_if="rl0"
NsV="{ a.b.c.d, a.b.c.e}"
Lan="192.168.0/24"
set skip on lo

scrub in all
scrub out all

block in all
block out  all
block in quick inet6 all

antispoof quick for { lo $int_if }

pass in on $int_if proto tcp from <proxusers> to $int_if port 3128 keep state
pass out on $ext_if proto tcp from ($ext_if) to any port {21,80,443,8880, 2082} keep state


pass in on $int_if inet proto tcp from any to any port 21 keep state
pass out on $ext_if inet proto tcp from any to any port 21 keep state
pass in on $ext_if inet proto tcp from any to any port >1024 keep state






In the [firewallBSD]

ext_if="xl0"
int_if="fxp0"
ext_ip="a.b.c.d"
Proxy="10.4.1.3"
Lan="192.168.0.0/24"
Lh="127.0.0.1"

#Don't Filter on the loopback interface
set block-policy drop
set skip on lo
scrub in all
scrub out on $ext_if all random-id

nat on $ext_if from !($ext_if) -> $ext_ip
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

block in on { rl0, fxp0, xl0 } all
block out on { rl0, fxp0, xl0 } all
block in quick inet6 all
pass out keep state

anchor "ftp-proxy/*"
pass out on $ext_if inet proto tcp from ($ext_if) to any port 21 keep state
pass in on $int_if inet proto tcp from any to any port 21 keep state
pass in on $ext_if inet proto tcp from any to $ext_if port > 49151 keep state
antispoof quick for { lo $int_if $dmz_if}

#Connections to HTTP, HTTPS
pass in on $int_if proto tcp from $Proxy to any port {21,80,443} keep state
pass out on $ext_if proto tcp from $Proxy to any port {21,80,443} keep state




NOTES:


I cannot do FTP from the [proxyBSD] nor from PCLAN.


Any ideas ?

Thanks

Jorge Valbuena
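
A pre-load check for rules like the [firewallBSD] set above, added here as an example and not part of the original post: it flags macros that are used without a prior definition and ftp-proxy anchors that have no rdr rule feeding them. The function names are hypothetical, the embedded config is a shortened copy of the posted rules, and the rdr check assumes ftp-proxy listens on its default port 8021.

```python
import re

# Constructed sample: shortened copy of the [firewallBSD] rules from the post.
FIREWALL_CONF = '''\
ext_if="xl0"
int_if="fxp0"
ext_ip="a.b.c.d"
Proxy="10.4.1.3"
nat on $ext_if from !($ext_if) -> $ext_ip
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
anchor "ftp-proxy/*"
pass in on $int_if inet proto tcp from any to any port 21 keep state
antispoof quick for { lo $int_if $dmz_if}
'''

MACRO_DEF = re.compile(r'^\s*([A-Za-z_]\w*)\s*=')
MACRO_REF = re.compile(r'\$([A-Za-z_]\w*)')
# Assumption: ftp-proxy runs on its default port 8021.
FTP_RDR = re.compile(r'^rdr\b.*\bport\s+(21|ftp)\b.*\bport\s+8021\b')

def strip_comment(line):
    return line.split('#', 1)[0]

def undefined_macros(conf):
    """Return (line_no, name) for each $macro referenced before its definition."""
    defined, problems = set(), []
    for no, raw in enumerate(conf.splitlines(), 1):
        line = strip_comment(raw)
        m = MACRO_DEF.match(line)
        body = line[m.end():] if m else line  # a macro value may reference macros too
        for name in MACRO_REF.findall(body):
            if name not in defined:
                problems.append((no, name))
        if m:
            defined.add(m.group(1))
    return problems

def ftp_proxy_gaps(conf):
    """If the config mentions the ftp-proxy anchors, list the pieces still missing."""
    lines = [strip_comment(l).strip() for l in conf.splitlines()]
    if not any('"ftp-proxy/*"' in l for l in lines):
        return []
    gaps = [kw for kw in ("nat-anchor", "rdr-anchor", "anchor")
            if not any(l.startswith(kw + " ") and "ftp-proxy/*" in l for l in lines)]
    if not any(FTP_RDR.search(l) for l in lines):
        gaps.append("rdr to ftp-proxy")
    return gaps

print(undefined_macros(FIREWALL_CONF), ftp_proxy_gaps(FIREWALL_CONF))
```
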


