I am trying to use pftpx to solve the "strict" ftp clients (clients that want data connections to the same IP as the control connection) issue on a FTP Server INSIDE the firewall
I found out that I can't use port redirects on all my external IPS since the FTP Clients have IP Strictness It is the classic Passive FTP problem. I have a firewall in front of an ftp server. I have multiple Ips bound to the Firewall that need to goto the same FTP server (thus the IP issue with strictness) SO I want a pf.conf that will allow me to allow all incoming PASSIVE and ACTIVE FTP connections to any of the Ips to goto the one FTP server I assume that I can use pftpx to proxy all incoming connections? I found only this reference to a possible solution, but I cant seem to get it to work in my pf.conf http://wiki.pfsense.com/wikka.php?wakka=IncomingFTPHowToCan anyone give me an example of how that would be done? Below is a trimmed down version of my pf.conf with the rules for outbound pftpx which is working great but in need imbound. int_if=fpx0 ext_if=fxp1 int_net="192.168.0.0/24" ext_net="{232.333.333.2,232.333.333.3,232.333.333.4}" #FTP out from int_net nat-anchor "pftpx/*" rdr-anchor "pftpx/*" rdr pass on $int_if proto tcp from $int_net to any port 21 -> 127.0.0.1 port 8021 #In the rule section: anchor "pftpx/*" _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"
