SV: pf firewall and ftp
To solve the ftp pre 4.7 part, you can start reading here:
http://home.nuug.no/~peter/pf/en/long-firewall.html#FTPPROBLEM

/Hasse

-Original message-
From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On behalf of Fbsd8
Sent: 16 April 2012 04:31
To: FreeBSD Questions; FreeBSD Current; FreeBSD doc
Subject: Re: pf firewall and ftp

Fbsd8 wrote:
> Running 9.0 as a gateway host with pf firewall enabled. FTP is launched by inetd. Both active and passive ftp works from lan pc's to the host ftp. The lan ftp session can be initiated from the host or any lan pc and things work because there are no rules on the lan interface except single pass all rule.
>
> But I cannot do host initiated or lan initiated ftp sessions to the public internet. Get operation not permitted message. Tried to set up ftp-proxy per OpenBSD pf manual without any joy. Looking for working rule set with nat and ftp services to study and learn from.

OK I have uncovered what the problem is. The pf version running on FreeBSD 9.0 matches the version running on OpenBSD 4.5. Found it on man pf at the end. The documentation on the OpenBSD website for pf is for OpenBSD 5.0 and it has warning saying

NOTE: This information is for OpenBSD 4.7. NAT configuration was significantly different in earlier versions.

http://pf4freebsd.love2party.net/ has more info about how back dated the 9.0 FreeBSD production version of pf is.

The FreeBSD handbook had a detailed section on pf including rules examples matching the version of pf included with 9.0. But someone allowed it to be removed in the current version of the handbook.

So here we are with an outdated version of pf in the current production 9.0 version of FreeBSD and there is no documentation available on nat rule syntax in the handbook or at openbsd/pf.

Going to dig through the 9.0 pf man pages for the info

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SV: pf firewall and ftp
On Mon, Apr 16, 2012 at 09:39:38AM +0200, Hasse Hansson wrote:
> To solve the ftp pre 4.7 part, you can start reading here:
> http://home.nuug.no/~peter/pf/en/long-firewall.html#FTPPROBLEM
>
> /Hasse
>
> -Original message-
> From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On behalf of Fbsd8
> Sent: 16 April 2012 04:31
> To: FreeBSD Questions; FreeBSD Current; FreeBSD doc
> Subject: Re: pf firewall and ftp
>
> Fbsd8 wrote:
> > Running 9.0 as a gateway host with pf firewall enabled. FTP is launched by inetd. Both active and passive ftp works from lan pc's to the host ftp. The lan ftp session can be initiated from the host or any lan pc and things work because there are no rules on the lan interface except single pass all rule.
> >
> > But I cannot do host initiated or lan initiated ftp sessions to the public internet. Get operation not permitted message. Tried to set up ftp-proxy per OpenBSD pf manual without any joy. Looking for working rule set with nat and ftp services to study and learn from.
>
> OK I have uncovered what the problem is. The pf version running on FreeBSD 9.0 matches the version running on OpenBSD 4.5. Found it on man pf at the end. The documentation on the OpenBSD website for pf is for OpenBSD 5.0 and it has warning saying
>
> NOTE: This information is for OpenBSD 4.7. NAT configuration was significantly different in earlier versions.
>
> http://pf4freebsd.love2party.net/ has more info about how back dated the 9.0 FreeBSD production version of pf is.
>
> The FreeBSD handbook had a detailed section on pf including rules examples matching the version of pf included with 9.0. But someone allowed it to be removed in the current version of the handbook.
>
> So here we are with an outdated version of pf in the current production 9.0 version of FreeBSD and there is no documentation available on nat rule syntax in the handbook or at openbsd/pf.

The version of PF in FreeBSD corresponds to the one in OpenBSD 4.5. There are old versions of the OpenBSD PF FAQ on mirrors:

http://ftp2.eu.openbsd.org/pub/OpenBSD/doc/history/pf-faq45.pdf
http://ftp2.eu.openbsd.org/pub/OpenBSD/doc/history/pf-faq45.txt

> Going to dig through the 9.0 pf man pages for the info

The rules should also be documented in the man pages.

--
Denny Lin
Re: pf firewall and ftp
There are also web-available manuals for probably every release of OpenBSD here:

http://www.openbsd.org/cgi-bin/man.cgi
http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&manpath=OpenBSD+4.5
pf firewall and ftp
Running 9.0 as a gateway host with pf firewall enabled. FTP is launched by inetd. Both active and passive ftp works from lan pc's to the host ftp. The lan ftp session can be initiated from the host or any lan pc and things work because there are no rules on the lan interface except single pass all rule.

But I cannot do host initiated or lan initiated ftp sessions to the public internet. Get operation not permitted message. Tried to set up ftp-proxy per OpenBSD pf manual without any joy. Looking for working rule set with nat and ftp services to study and learn from.
Re: pf firewall and ftp
Fbsd8 wrote:
> Running 9.0 as a gateway host with pf firewall enabled. FTP is launched by inetd. Both active and passive ftp works from lan pc's to the host ftp. The lan ftp session can be initiated from the host or any lan pc and things work because there are no rules on the lan interface except single pass all rule.
>
> But I cannot do host initiated or lan initiated ftp sessions to the public internet. Get operation not permitted message. Tried to set up ftp-proxy per OpenBSD pf manual without any joy. Looking for working rule set with nat and ftp services to study and learn from.

OK I have uncovered what the problem is. The pf version running on FreeBSD 9.0 matches the version running on OpenBSD 4.5. Found it on man pf at the end. The documentation on the OpenBSD website for pf is for OpenBSD 5.0 and it has warning saying

NOTE: This information is for OpenBSD 4.7. NAT configuration was significantly different in earlier versions.

http://pf4freebsd.love2party.net/ has more info about how back dated the 9.0 FreeBSD production version of pf is.

The FreeBSD handbook had a detailed section on pf including rules examples matching the version of pf included with 9.0. But someone allowed it to be removed in the current version of the handbook.

So here we are with an outdated version of pf in the current production 9.0 version of FreeBSD and there is no documentation available on nat rule syntax in the handbook or at openbsd/pf.

Going to dig through the 9.0 pf man pages for the info
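
The pre-4.7 NAT and ftp-proxy syntax this thread is about, shown as a small gateway rule set with the newer OpenBSD 4.7+ form alongside in comments. This is an added example, not a configuration posted by anyone in the thread; the interface names em0/em1, the rc.conf lines and the use of ftp-proxy's default port 8021 are assumptions.

```conf
# /etc/pf.conf for the pf shipped with FreeBSD 9.0 (OpenBSD 4.5 syntax).
# Added example, not from the thread; em0/em1 are assumed interface names.
#
# Assumed /etc/rc.conf entries:
#   gateway_enable="YES"
#   pf_enable="YES"
#   ftpproxy_enable="YES"      # runs ftp-proxy(8), default 127.0.0.1:8021

ext_if   = "em0"               # assumed: Internet-facing interface
int_if   = "em1"               # assumed: LAN interface
localnet = $int_if:network

set skip on lo0

# Translation rules. In this pf version nat and rdr are separate rule
# types and must all appear before the first filter rule.
nat on $ext_if inet from $localnet to any -> ($ext_if)
nat-anchor "ftp-proxy/*"       # ftp-proxy adds per-session nat rules here
rdr-anchor "ftp-proxy/*"       # ... and rdr rules for active-mode data
rdr pass on $int_if inet proto tcp from $localnet to any port ftp \
        -> 127.0.0.1 port 8021

# OpenBSD 4.7 and later express the same translation as options on
# filter rules. These keywords do not exist in the 4.5-era parser, so
# the lines below are a syntax error on FreeBSD 9.0:
#   match out on $ext_if inet from $localnet nat-to ($ext_if)
#   pass in quick on $int_if proto tcp to port ftp rdr-to 127.0.0.1 port 8021

# Filter rules. Default deny; logged drops show up on pflog0.
block log all
anchor "ftp-proxy/*"           # ftp-proxy adds pass rules for data channels
pass in  on $int_if inet from $localnet to any
# Outbound traffic is filtered after NAT, so the source is the external
# address. This also covers ftp-proxy's control connections and
# passive-mode FTP started on the gateway itself.
pass out on $ext_if inet from ($ext_if) to any
```

Parse the file without loading it using `pfctl -nf /etc/pf.conf`; once loaded, `pfctl -sn` and `pfctl -sr` list the active translation and filter rules.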