ftp-proxy and packetfilter + vlans

Mon, 29 Jan 2007 03:22:52 -0800 

hey all,
first of all: i'm not subscribed to the mailinglist, so please send replies to me personally too. thanks! :) 

what's this mail about? i'll explain how the network is setup.

internet (0.0.0.0/0)
   |
openbsdcluster -- windows management (192.168.2.0/24)
   |
management network (192.168.0.0/24)
   |
linux packet forwarding cluster
   |
internal network (192.168.1.0/24)

now, the external interface of the openbsd cluster is on bge0
the management interface is on em0, vlan 1
windows management interface is on em0, vlan 2

internal network is another vlan... but not defined on an interface of 
the openbsd cluster (du'uh ;))

those are the 3 networks the openbsd cluster is on


now, i want ftp for my internal computers and for my windows management 
and other management network, so i thought:


 nat-anchor "ftp-proxy/*"
 rdr-anchor "ftp-proxy/*"

 rdr on vlan1  inet proto tcp from vlan2:network   to any port 21 -> 
127.0.0.1 port 8021
 rdr on vlan1  inet proto tcp from 192.168.1.0/24  to any port 21 -> 
127.0.0.1 port 8021
 rdr on vlan2  inet proto tcp from vlan2:network   to any port 21 -> 
127.0.0.1 port 8021


but... that doesnt seem to work. what i did now as a workaround:
rdr on em0  inet proto tcp from any to any port 21 -> 127.0.0.1 port 8021


this one seems to work perfectly... can anyone tell me what's wrong with 
defining vlans for traffic? if it's impossible, why? and what's the 
best/correct way of allowing traffic to the ftp proxy?


should i do it like this?:

 rdr on em0  inet proto tcp from vlan2:network   to any port 21 -> 
127.0.0.1 port 8021
 rdr on em0  inet proto tcp from 192.168.1.0/24  to any port 21 -> 
127.0.0.1 port 8021
 rdr on em0  inet proto tcp from vlan2:network   to any port 21 -> 
127.0.0.1 port 8021


thanks in advance!

ps if there are more questions, don't hesitate to ask!

--
harry
aka Rik Bobbaers

K.U.Leuven - LUDIT          -=- Tel: +32 485 52 71 50
[EMAIL PROTECTED] -=- http://people.linux-vserver.org/~harry

thinking always leads to conclusions... and those can be extremely dangerous
-- me ;)

Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm















    











					Reply via email to