Hello,
I'm having issues getting ftp to work on Windows boxes, specifically XP SP2, protected by a pf firewall. I'm running pftpx on FreeBSD 6.2. Unix clients can ftp fine; I do have occasional issues with not being able to list directory contents, but overall it works fine. With Windows clients I get a "cannot find file" message every time. I've tried both active and passive mode in Explorer (IE6, to be specific), no good. Here are the relevant portions of my config:

# define the two network interfaces
ext_if = "rl0"
int_if = "xl0"

# gateway ftp, user restricted passive or active
# I had to do this so that the firewall box could ftp
ftp_users="{root, proxy}"

scrub all reassemble tcp no-df random-id max-mss 1400

nat on $ext_if from 192.168.1.0/24 to any -> ($ext_if)
nat-anchor "pftpx/*"
rdr-anchor "pftpx/*"
rdr pass on $int_if inet proto tcp from 192.168.1.0/24 to any port ftp -> 127.0.0.1 port 8021

block log all

anchor "pftpx/*"

pass out quick on $ext_if inet proto tcp from ($ext_if) to any port { ftp-data, ftp } keep state
pass in quick on $int_if inet proto tcp from 192.168.1.0/24 to any port { ftp-data, ftp } keep state
# These were also needed to allow ftp from the router
# Allow ftp control and passive data connections outbound
pass quick inet proto tcp from ($ext_if) to any user proxy keep state
# Allow ftp active data connections inbound
pass quick inet proto tcp from any to ($ext_if) user proxy keep state
# Passive mode connection?
pass quick inet proto tcp from port 20 to any user proxy keep state
# For FTP servers that violate RFC 959?
pass quick inet proto tcp from any to $int_if user proxy keep state

I've tried doing a tcpdump on the pflog0 interface while a Windows box is trying to ftp; I'm not getting any output at all. Trying the same command on the internal interface of the router floods me with ARP, and again I see nothing useful. Any help appreciated.
Thanks.
Dave.

_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
