'lo all. i recently ran into a small issue with ftp-proxy running on my firewall... I definitely know this is a misconfiguration problem as I have had this working as of yesterday. when I attempt to connect to an FTP site from behind the firewall, I do get an initial connection, but then am immediately dropped by the remote host with the following error:

421 Service not available, remote server has closed connection

and get the following error on the console of my firewall:

Jul 6 08:55:56 smitty ftp-proxy[15298]: cannot find user proxy

running 'tcpdump -n -e -ttt -i pflogd' shows nothing getting blocked. at first I thought it was not catching it because i had

set loginterface sis0

but I soon changed it to

set loginterface sis2

which is my $TRUST_IF (or internal) interface and still saw no packets being dropped.

I'm running OpenBSD 3.6 on a Soekris NET4801, relevant files and outputs are listed below (lines wrapped to be <80 columns)...

here are my relevant lines from my pf.conf:
-----------------------------------------
rdr on $TRUST_IF proto tcp from $TRUST_NET to any port 21 \
    -> 127.0.0.1 port 8021

where $TRUST_IF and $TRUST_NET correspond to the NIC and mask for my internal network.

here are my relevant lines from my inetd.conf:
--------------------------------------------
127.0.0.1:8021 stream tcp nowait root \
    /usr/libexec/ftp-proxy ftp-proxy

here is the output of 'netstat -nl':
------------------------------------
Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  127.0.0.1.8021         *.*                    LISTEN

my 'ps -ax' output:
-------------------
  PID TT  STAT     TIME COMMAND
    1 ??  Is    0:00.04 /sbin/init
21764 ??  Is    0:02.51 /sbin/mount_mfs -s 16384 /dev/wd0b /tmp
28062 ??  Is    0:00.08 /usr/sbin/inetd
12175 ??  Is    0:00.11 syslogd: [priv] (syslogd)
30702 ??  I     0:00.38 /usr/sbin/syslogd -p /var/run/log
15472 00  Is    0:02.07 -ksh (ksh)
19016 00  ?+    0:00.00 ps -ax

I'm at a loss at this point... any ideas anyone?

TIA,
ryanc