Hi,
I have a Sunfire V120, sparc64, OpenBSD 3.9 performing NAT and assorted
firewall duties. It is working 100%, including proxying ftp requests
from the internal network.
Today I went to do an FTP directly from the server (perl CPAN), and it
failed.
Looking at blocked packets, I see that packets coming in to the ftp port
(tcpdump -r /var/log/pflog) are being blocked.
Knowing a bit about ftp, I think I can understand why.
Normally, the traffic would be allowed by my "pass out keep state"
statement, but in the case of the bogus FTP protocol, data packets are
coming back to the firewall without an outgoing packet to initiate the
"state".
To "activate" the proxy for the internal network, I am using:
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
This works 100%
But in the case of traffic originating directly from the server, it
won't have gone through the internal interface, so won't even hit the proxy.
What do I need to do to allow ftp to work directly from the firewall?
Thanks,
Steve Williams
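For readers following the thread: the rule quoted above is the OpenBSD 3.9 ftp-proxy(8) style (proxy on 127.0.0.1 port 8021), and only makes sense together with the anchors the proxy populates. The fragment below is an added example, not the poster's pf.conf; interface names, the LAN prefix and the sample pflog line are assumptions chosen for illustration. It shows why the internal-network case works and why a connection started on the firewall itself never reaches the proxy.

```pf
# Added example (not from the original post): a minimal pf.conf around the
# rdr rule from the thread, for OpenBSD 3.9's ftp-proxy(8). Interface
# names and addresses are assumptions, not the poster's values.
ext_if = "hme0"
int_if = "hme1"
lan    = "192.168.1.0/24"

# ftp-proxy(8) installs its per-session nat/rdr rules into these anchors.
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

# rdr is evaluated for packets arriving on the named interface only:
# LAN clients connecting to port 21 are handed to the proxy on 127.0.0.1:8021.
# A connection started on the firewall itself never arrives on $int_if,
# so this rule is never consulted for it.
rdr pass on $int_if proto tcp from $lan to any port ftp -> 127.0.0.1 port 8021

block log all

# Rules ftp-proxy adds per session, including the data connections it
# negotiates on behalf of the client.
anchor "ftp-proxy/*"

# Connections the firewall starts: the SYN leaves via $ext_if, a state is
# created, and the replies match that state.
pass out on $ext_if proto tcp keep state

# Active-mode (PORT) transfer started on the firewall: the server opens the
# data connection inbound from its port 20, no state exists for it, and the
# default block logs it. Constructed sample of what the pflog would show:
#   rule 0/(match) block in on hme0: 203.0.113.5.20 > 198.51.100.2.49152: S ...
```

The log entry can be confirmed with `tcpdump -n -e -ttt -r /var/log/pflog port 20 or port 21`, which shows the rule number and direction of each blocked packet. The caveat a practitioner would want here: because rdr is matched on inbound packets of the named interface, locally originated FTP control connections bypass the proxy entirely, and the outbound "pass out keep state" rule covers only data connections the firewall itself initiates. A client in passive mode opens the data connection outbound, which that rule does cover; OpenBSD's ftp(1) uses passive mode by default, and Perl's Net::FTP honours the FTP_PASSIVE environment variable for the same purpose.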