Hmmm, I don't know.

# pfctl -f /etc/pf.conf
/etc/pf.conf:95: unknown user _ftp-proxy
pfctl: Syntax error in config file: pf rules not loaded

I would like to make sure that this rule would match only if it's coming from the ftp-proxy:

pass out quick on $int_if inet proto tcp from $int_add to $ftp_internal_address

Thank you

On Saturday, 14 January 2017 at 14:40, Sebastien Marie <sema...@online.fr> wrote:

On Sat, Jan 14, 2017 at 12:11:54PM +0000, Mik J wrote:
> OpenBSD 6.0
> Hello,
> I have an FTP server behind my PF firewall and I would like to be able to ftp in from the internet.
> It doesn't work with
> # /usr/sbin/ftp-proxy -D7 -v -R @ftp_internal_address -p21 -b @external_address
> anchor "ftp-proxy/*"
> pass in quick on $ext_if inet proto tcp to $ext_add port 21 flags S/SAFR modulate state
> pass out quick on $int_if inet proto tcp from $int_add to $ftp_internal_address user proxy
>
> But works when I remove the "user proxy" in the last rule

So it is related to the user.

From ftp-proxy(8) man page:

    ftp-proxy chroots to "/var/empty" and changes to user
    "_ftp-proxy" to drop privileges.

> Does someone know why?

You should allow the "_ftp-proxy" user, and not the "proxy" user, to make it work as expected.

Thanks.
--
Sebastien Marie