Problems with pf + ftp-proxy on gateway
I'm trying to use pf + ftp-proxy on a 6.1-PRERELEASE machine.

I have this line in inetd.conf:

ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -n

And these lines in pf.conf:

rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port ftp-proxy
pass in quick on $ext_if inet proto tcp from any port ftp-data to $ext_if:0 user proxy flags S/SA keep state

When one machine inside my network (e.g. 192.168.x.x) connects to an external FTP server (e.g. ftp.FreeBSD.org), the data connection doesn't work. The connection comes to my firewall and is accepted, but the connection is not established and stays like this:

self tcp 200.x.x.x:57625 - 200.x.x.x:20 ESTABLISHED:FIN_WAIT_2

Any kind of help will be appreciated.

Thanks
--
Renato Botelho
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Problems with pf + ftp-proxy on gateway
--- Renato Botelho [EMAIL PROTECTED] wrote:

> I'm trying to use pf + ftp-proxy on a 6.1-PRERELEASE machine.
>
> I have this line in inetd.conf:
>
> ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -n
>
> And these lines in pf.conf:
>
> rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port ftp-proxy
> pass in quick on $ext_if inet proto tcp from any port ftp-data to $ext_if:0 user proxy flags S/SA keep state
>
> When one machine inside my network (e.g. 192.168.x.x) connects to an external FTP server (e.g. ftp.FreeBSD.org), the data connection doesn't work. The connection comes to my firewall and is accepted, but the connection is not established and stays like this:
>
> self tcp 200.x.x.x:57625 - 200.x.x.x:20 ESTABLISHED:FIN_WAIT_2

You need to decide whether you are working with passive ftp clients (probably), active, or both.
Re: Problems with pf + ftp-proxy on gateway
Peter wrote:

> --- Renato Botelho [EMAIL PROTECTED] wrote:
>
> > I'm trying to use pf + ftp-proxy on a 6.1-PRERELEASE machine.
> >
> > I have this line in inetd.conf:
> >
> > ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -n
> >
> > And these lines in pf.conf:
> >
> > rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port ftp-proxy
> > pass in quick on $ext_if inet proto tcp from any port ftp-data to $ext_if:0 user proxy flags S/SA keep state
> >
> > When one machine inside my network (e.g. 192.168.x.x) connects to an external FTP server (e.g. ftp.FreeBSD.org), the data connection doesn't work. The connection comes to my firewall and is accepted, but the connection is not established and stays like this:
> >
> > self tcp 200.x.x.x:57625 - 200.x.x.x:20 ESTABLISHED:FIN_WAIT_2
>
> You need to decide whether you are working with passive ftp clients (probably), active, or both.

Or use the ftp/pftpx port, which handles proxying all types of active and passive FTP. That's the successor to ftp-proxy(8) due to be released shortly as part of OpenBSD 3.9, and documented at:

http://www.openbsd.org/cgi-bin/man.cgi?query=ftp-proxy&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
7 Priory Courtyard, Flat 3
Ramsgate
Kent, CT11 9PW