Hi, I can't get active ftp to work through pf and ftp-proxy. Passive ftp works fine.

I use ftp from a Windows-pc and have been testing on ftp.openbsd.org and ftp.sunet.se. I've dumbed down pf.conf as much as I possibly can. Still no go. I had an older snapshot but upgraded just now - no difference.

-------------------------------------------------------------------
# cat /etc/pf.conf
set block-policy return
set loginterface egress
set skip on lo
anchor "ftp-proxy/*"
pass in quick log on em0 inet proto tcp to port ftp divert-to 127.0.0.1 port 8021
pass out quick log proto tcp from (self) to any port ftp
match out on egress from em0:network nat-to egress
pass in on em0 inet proto tcp to em0:0 port ssh
pass out log
pass in log on em0
--------------------------------------------------------------
# ps auxwww | grep ftp-proxy
proxy 16586 0.0 0.1 640 1104 ?? Is 8:38PM 0:00.01 /usr/sbin/ftp-proxy -vv -D7
--------------------------------------------------------------
# uname -a
OpenBSD left.hytherm.local 5.6 GENERIC#335 i386
--------------------------------------------------------------
# grep -v unbound /var/log/daemon
Sep 22 20:00:01 left newsyslog[2774]: logfile turned over
Sep 22 20:25:53 left ntpd[31904]: ntp engine ready
Sep 22 20:25:54 left savecore: no core dump
Sep 22 20:25:55 left ftp-proxy[20919]: listening on 127.0.0.1 port 8021
Sep 22 20:25:55 left sensorsd[29748]: startup, system has 1 sensors
Sep 22 20:26:14 left ntpd[31904]: peer 87.232.1.41 now valid
Sep 22 20:26:17 left ntpd[31904]: peer 54.246.100.200 now valid
Sep 22 20:26:20 left ntpd[31904]: peer 54.229.136.168 now valid
Sep 22 20:27:12 left ntpd[19159]: adjusting local clock by 0.605419s
Sep 22 20:27:45 left ntpd[19159]: adjusting local clock by 0.440419s
Sep 22 20:29:22 left ntpd[31904]: clock is now synced
Sep 22 20:31:46 left ntpd[31904]: peer 149.157.192.5 now valid
Sep 22 20:38:06 left ftp-proxy[20919]: exiting on signal 15
Sep 22 20:38:27 left ftp-proxy[16586]: listening on 127.0.0.1 port 8021
Sep 22 20:38:40 left ftp-proxy[16586]: #1 FTP session 1/100 started: client 192.168.1.89 to server 194.71.11.69 via proxy x.x.x.x
Sep 22 20:38:46 left ftp-proxy[16586]: #1 active: server to client port 16240 via port 51904
Sep 22 20:41:42 left ftp-proxy[16586]: #1 client close
Sep 22 20:41:42 left ftp-proxy[16586]: #1 ending session
Sep 22 20:41:44 left ftp-proxy[16586]: #2 FTP session 1/100 started: client 192.168.1.89 to server 129.128.5.191 via proxy x.x.x.x
Sep 22 20:41:48 left ftp-proxy[16586]: #2 active: server to client port 16259 via port 57767
Sep 22 20:42:25 left ftp-proxy[16586]: #2 active: server to client port 16265 via port 63504
Sep 22 20:42:36 left ftp-proxy[16586]: #2 server close
Sep 22 20:42:36 left ftp-proxy[16586]: #2 ending session
Sep 22 20:43:22 left ftp-proxy[16586]: #3 FTP session 1/100 started: client 192.168.1.89 to server 129.128.5.191 via proxy x.x.x.x
Sep 22 20:43:25 left ftp-proxy[16586]: #3 active: server to client port 16276 via port 49835
Sep 22 20:43:28 left ftp-proxy[16586]: #3 active: server to client port 16277 via port 52764
Sep 22 20:43:39 left ftp-proxy[16586]: #3 active: server to client port 16278 via port 53960
Sep 22 20:43:44 left ftp-proxy[16586]: #3 server close
Sep 22 20:43:44 left ftp-proxy[16586]: #3 ending session
Sep 22 20:51:54 left ntpd[19159]: adjusting clock frequency by 0.252153 to 29.320203ppm