Hi all,

I'm about to go nuts over ftp-proxy. I would greatly appreciate any assistance. The problem is I can't get active FTP to work and I need it for my clients to communicate with a bank. The clients are behind a pf firewall which is doing nat and firewalling for the whole internal subnet.

Running OpenBSD 4.0 -stable -release I have taken the faq-example1 from /usr/share/pf and modified the interfaces and removed the port 80 redirect (since I do not have a webserver internally).

/usr/sbin/ftp-proxy is running with -r

#ps -xa
12876 ??  Is      0:00.06 /usr/sbin/ftp-proxy -r

Passive FTP works instantly, but active does not. I do get a control connection, but it holds when I try to retrieve data.

My pf.conf:

# $OpenBSD: faq-example1,v 1.4 2006/06/16 17:26:59 jasper Exp $
#
# Firewall for Home or Small Office
# http://www.openbsd.org/faq/pf/example1.html
#

# macros
ext_if="pcn0"
int_if="fxp0"
icmp_types="echoreq"

# options
set block-policy return
set loginterface $ext_if
set skip on lo

# scrub
scrub in

# nat/rdr
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021

# filter rules
block in
pass out keep state
anchor "ftp-proxy/*"
antispoof quick for { lo $int_if }
pass in inet proto icmp all icmp-type $icmp_types keep state
pass quick on $int_if

#end pf.conf

Thanks.

Nils Reuvers