The pass rule for 8021 is further up.  Why is this not correct?

On 3/27/06, Derrick MacPherson <[EMAIL PROTECTED]> wrote:
> It's still not coming up quite right I believe:
>
> lan = "{ bge0  }"
> wan = "{ xl0  carp0 ng0 }"
> DMZ = "{ em0 }"
> SYNC = "{ em1 }"
>
> rdr on $lan proto tcp from any to any port 21 -> 127.0.0.1 port 8021
> rdr on $DMZ proto tcp from any to any port 21 -> 127.0.0.1 port 8022
>
> # enable ftp-proxy
> pass in quick on em0 inet proto tcp from any to $loopback port 8022 keep
> state label "FTP PROXY: Allow traffic to localhost"
> pass in quick on em0 inet proto tcp from any to $loopback port 21 keep
> state label "FTP PROXY: Allow traffic to localhost"
> pass in quick on em1 inet proto tcp from any to $loopback port 8023 keep
> state label "FTP PROXY: Allow traffic to localhost"
> pass in quick on em1 inet proto tcp from any to $loopback port 21 keep
> state label "FTP PROXY: Allow traffic to localhost"
>
>
>
>
>
> On Sun, 2006-03-26 at 13:44 -0500, Scott Ullrich wrote:
> > If you are running on a full install, please issue:
> >
> > cvs_sync.sh releng_1 && /etc/rc.filter_configure
> >
> > And see if the problem is fixed.
> >
> > Thanks!
> >
> >
> >
> > On 3/25/06, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> > > Yep, that'll do it.   I'll get that fixed up in a sec.
> > >
> > > On 3/25/06, Derrick MacPherson <[EMAIL PROTECTED]> wrote:
> > > > I'm not sure if this helps, in the rules.debug I see:
> > > >
> > > > # FTP Proxy/helper
> > > > rdr on $lan proto tcp from any to any port 21 -> 127.0.0.1 port 8021
> > > > rdr on $DMZ proto tcp from any to any port 21 -> 127.0.0.1 port 8022
> > > >
> > > > and below that a little ways:
> > > >
> > > > # enable ftp-proxy
> > > > pass in quick on em0 inet proto tcp from any to $loopback port 8021 keep
> > > > state label "FTP PROXY: Allow traffic to localhost"
> > > > pass in quick on em0 inet proto tcp from any to $loopback port 21 keep
> > > > state label "FTP PROXY: Allow traffic to localhost"
> > > > pass in quick on em1 inet proto tcp from any to $loopback port 8021 keep
> > > > state label "FTP PROXY: Allow traffic to localhost"
> > > > pass in quick on em1 inet proto tcp from any to $loopback port 21 keep
> > > > state label "FTP PROXY: Allow traffic to localhost"
> > > >
> > > >
> > > > em0 is my DMZ interface, and I believe that rule above should be 8022
> > > > and not 8021
> > > >
> > > >
> > > >
> > > > On Sat, 2006-03-25 at 15:53 -0500, Scott Ullrich wrote:
> > > > > I fixed some FTP helper issues on inbound from WAN->LAN[DMZ], etc.
> > > > > Try cvs_sync.sh releng_1 and see if it helps.  Otherwise after bootup
> > > > > you have to run /etc/rc.filter_configure a second time for it to
> > > > > install the helper correctly.
> > > > >
> > > > > On 3/25/06, Derrick MacPherson <[EMAIL PROTECTED]> wrote:
> > > > > > > I don't think that's it, I have that rule on my LAN and the DMZ
> > > > > > > interfaces, but it's not working. It now appears that as well inbound
> > > > > > > FTP is not working at all.
> > > > > >
> > > > > > more info in a bit, spam assassin has just died on me
> > > > > >
> > > > > > On Sat, 2006-03-25 at 12:50 -0500, Scott Ullrich wrote:
> > > > > > > Maybe this will help?
> > > > > > >
> > > > > > > http://faq.pfsense.com/index.php?action=artikel&cat=10&id=103&artlang=en&highlight=ftp
> > > > > > >
> > > > > > >
> > > > > > > On 3/25/06, Derrick MacPherson <[EMAIL PROTECTED]> wrote:
> > > > > > > > > I don't have outbound passive FTP working for machines in the DMZ,
> > > > > > > > > what the heck am I missing?
> > > > > > > >
> > > > > > > > I see the default block rule is blocking it, what am I missing?
> > > > > > > >
> > > > > > > > > here's from the status log:
> > > > > > > >
> > > > > > > > DMZ     10.1.1.150:61272        X.X.X.X:50105     TCP
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > ---------------------------------------------------------------------
> > > > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > > ---------------------------------------------------------------------
> > > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > > ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > > >
> > > > > >
> > > > >
> > > > > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > >
> > > > >
> > > >
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

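An added example, not part of the original thread: a Python check for the mismatch discussed above, where the rdr target port for an interface (8022 on em0) has no matching pass rule because the pass rule was generated for 8021. The sample ruleset is constructed from the quoted rules; the bge0 pass rule, the shortened `keep state` endings and the function names are assumptions.

```python
import re

# Constructed sample modelled on the rules.debug lines quoted in the thread.
# The bge0 pass rule is an assumption (the thread only says it is "further up").
SAMPLE = '''
lan = "{ bge0  }"
DMZ = "{ em0 }"
rdr on $lan proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr on $DMZ proto tcp from any to any port 21 -> 127.0.0.1 port 8022
pass in quick on bge0 inet proto tcp from any to $loopback port 8021 keep state
pass in quick on em0 inet proto tcp from any to $loopback port 8021 keep state
pass in quick on em0 inet proto tcp from any to $loopback port 21 keep state
'''

MACRO = re.compile(r'^(\w+)\s*=\s*"\{?([^}"]*)\}?"')
RDR = re.compile(r'^rdr on (\S+) .*-> 127\.0\.0\.1 port (\d+)')
PASS = re.compile(r'^pass in .*\bon (\S+) .*\$loopback port (\d+)')

def expand(token, macros):
    """Resolve $macro to its interface list; a bare name is one interface."""
    return macros.get(token[1:], []) if token.startswith("$") else [token]

def check_proxy_rules(ruleset):
    """Return (missing, stray) as sorted lists of (interface, port) pairs.

    missing: rdr sends traffic to this proxy port, but no pass rule allows it.
    stray:   pass rule opens a proxy port that no rdr on that interface uses.
    """
    macros, redirected, passed = {}, set(), set()
    for line in ruleset.splitlines():
        line = line.strip()
        if m := MACRO.match(line):
            macros[m.group(1)] = m.group(2).split()
        elif m := RDR.match(line):
            redirected |= {(i, int(m.group(2))) for i in expand(m.group(1), macros)}
        elif m := PASS.match(line):
            passed |= {(i, int(m.group(2))) for i in expand(m.group(1), macros)}
    proxy_ports = {port for _, port in redirected}
    missing = sorted(redirected - passed)
    stray = sorted(p for p in passed - redirected if p[1] in proxy_ports)
    return missing, stray

if __name__ == "__main__":
    missing, stray = check_proxy_rules(SAMPLE)
    print("rdr targets without a pass rule:", missing)
    print("pass rules without a matching rdr:", stray)
```
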