It's still not coming up quite right I believe:
lan = "{ bge0 }"
wan = "{ xl0 carp0 ng0 }"
DMZ = "{ em0 }"
SYNC = "{ em1 }"
rdr on $lan proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr on $DMZ proto tcp from any to any port 21 -> 127.0.0.1 port 8022
# enable ftp-proxy
pass in quick on em0 inet proto tcp from any to $loopback port 8022 keep
state label "FTP PROXY: Allow traffic to localhost"
pass in quick on em0 inet proto tcp from any to $loopback port 21 keep
state label "FTP PROXY: Allow traffic to localhost"
pass in quick on em1 inet proto tcp from any to $loopback port 8023 keep
state label "FTP PROXY: Allow traffic to localhost"
pass in quick on em1 inet proto tcp from any to $loopback port 21 keep
state label "FTP PROXY: Allow traffic to localhost"
On Sun, 2006-03-26 at 13:44 -0500, Scott Ullrich wrote:
> If you are running on a full install, please issue:
>
> cvs_sync.sh releng_1 && /etc/rc.filter_configure
>
> And see if the problem is fixed.
>
> Thanks!
>
>
>
> On 3/25/06, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> > Yep, that'll do it. I'll get that fixed up in a sec.
> >
> > On 3/25/06, Derrick MacPherson <[EMAIL PROTECTED]> wrote:
> > > I'm not sure if this helps, in the rules.debug I see:
> > >
> > > # FTP Proxy/helper
> > > rdr on $lan proto tcp from any to any port 21 -> 127.0.0.1 port 8021
> > > rdr on $DMZ proto tcp from any to any port 21 -> 127.0.0.1 port 8022
> > >
> > > and below that a little ways:
> > >
> > > # enable ftp-proxy
> > > pass in quick on em0 inet proto tcp from any to $loopback port 8021 keep
> > > state label "FTP PROXY: Allow traffic to localhost"
> > > pass in quick on em0 inet proto tcp from any to $loopback port 21 keep
> > > state label "FTP PROXY: Allow traffic to localhost"
> > > pass in quick on em1 inet proto tcp from any to $loopback port 8021 keep
> > > state label "FTP PROXY: Allow traffic to localhost"
> > > pass in quick on em1 inet proto tcp from any to $loopback port 21 keep
> > > state label "FTP PROXY: Allow traffic to localhost"
> > >
> > >
> > > em0 is my DMZ interface, and I believe that rule above should be 8022
> > > and not 8021
> > >
> > >
> > >
> > > On Sat, 2006-03-25 at 15:53 -0500, Scott Ullrich wrote:
> > > > I fixed some FTP helper issues on inbound from WAN->LAN[DMZ], etc.
> > > > Try cvs_sync.sh releng_1 and see if it helps. Otherwise after bootup
> > > > you have to run /etc/rc.filter_configure a second time for it to
> > > > install the helper correctly.
> > > >
> > > > On 3/25/06, Derrick MacPherson <[EMAIL PROTECTED]> wrote:
> > > > > I don't think thats it, I have that rule on my LAN and the DMZ
> > > > > interfaces, but it's not working. It now appears that as well inbound
> > > > > FTP is not working at all.
> > > > >
> > > > > more info in a bit, spam assassin has just died on me
> > > > >
> > > > > On Sat, 2006-03-25 at 12:50 -0500, Scott Ullrich wrote:
> > > > > > Maybe this will help?
> > > > > >
> > > > > > http://faq.pfsense.com/index.php?action=artikel&cat=10&id=103&artlang=en&highlight=ftp
> > > > > >
> > > > > >
> > > > > > On 3/25/06, Derrick MacPherson <[EMAIL PROTECTED]> wrote:
> > > > > > > I don't have outbound passive FTP working for machines in the
> > > > > > > DMZ, what
> > > > > > > the heck am I missing?
> > > > > > >
> > > > > > > I see the default block rule is blocking it, what am I missing?
> > > > > > >
> > > > > > > heres from the status log:
> > > > > > >
> > > > > > > DMZ 10.1.1.150:61272 X.X.X.X:50105 TCP
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > ---------------------------------------------------------------------
> > > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > > > >
> > > > > > >
> > > > > >
> > > > > > ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > >
> > > > >
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
