On Nov 20, 2007 1:55 AM, Raja Subramanian <[EMAIL PROTECTED]> wrote:
> On 11/20/07, Jake Conk <[EMAIL PROTECTED]> wrote:
> > # Pass ftp-proxy stuff
> > pass in on $ext_if inet proto tcp to $ext_carp_ip port 21 \
> > flags S/SA
> > pass out on $int_if inet proto tcp to $ftp_server port 21 \
> > user proxy flags S/SA
> > anchor "ftp-proxy/*"
>
> The explicit pass rules are not required for ftp-proxy. Have
> you tried without them? The man page specifies exactly what
> you need.
>
> Please run ftp-proxy with the "-d -D7 -v" flags, connect to
> ftp.openbsd.org, and post ftp-proxy and your pf log output.
>
> - Raja

Thanks for your reply, I did as you said and I didn't get any further, but here is the output information from ftp-proxy in case you see anything useful... All I did was log in and attempt to list the directory contents, where it then hung and disconnected me. This example of course is me trying to connect to ftp.openbsd.org from a client computer (192.168.10.9) behind the openbsd router (192.168.10.1).

$ sudo /usr/sbin/ftp-proxy -d -D7 -v -p 8021 127.0.0.1
listening on 127.0.0.1 port 8021
#1 accepted connection from 192.168.10.9
#1 FTP session 1/100 started: client 192.168.10.9 to server 129.128.5.191 via proxy <MYPUBIP>
#1 server: 220-\r\n
#1 server: 220- Welcome to SunSITE Alberta\r\n
#1 server: 220-\r\n
#1 server: 220- at the University of Alberta, in Edmonton, Alberta, Canada\r\n
#1 server: 220-\r\n
#1 server: 220-All connections to and transfers from this server are logged. If \r\n
#1 server: 220-you do not like this policy, please disconnect now.\r\n
#1 server: 220-\r\n
#1 server: 220-You may want to grab the index file called "ls-lR.gz" in /pub. It is \r\n
#1 server: 220-updated nightly with the contents of the ftp tree. \r\n
#1 server: 220-\r\n
#1 server: 220- If you have any questions, hints, or requests, please email\r\n
#1 server: 220-\r\n
#1 server: 220- [EMAIL PROTECTED]
#1 server: 220-\r\n
#1 server: 220 \r\n
#1 client: USER anonymous\r\n
#1 server: 331 Who are you impersonating today?\r\n
#1 client: PASS \r\n
#1 server: 230-\r\n
#1 server: 230- Welcome to Sunsite Alberta\r\n
#1 server: 230- Login Successful.\r\n
#1 server: 230 Your data rate unrestricted\r\n
#1 client: SYST\r\n
#1 server: 215 UNIX Type: L8\r\n
#1 client: PORT 192,168,10,9,128,50\r\n
#1 proxy: PORT X,X,X,X,195,153\r\n
#1 server: 200 PORT command successful - not using PASV eh?\r\n
#1 active: server to client port 32818 via port 50073
#1 client: LIST\r\n
#1 server: 425 Timeout establishing data connection - Broke your packet filters again eh?\r\n
^Cftp-proxy exiting on signal 2
#1 ending session

I was also watching my pflog but nothing came up regarding ftp-proxy so there's nothing to paste with that. Idk what else to do because this works with another server of mine just fine :( Any other ideas?

Thanks,
- Jake
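
Added example, not part of the original message and not ftp-proxy's own code: a Python sketch that reads the "-d -D7" output posted above, decodes the two PORT commands, and checks them against the proxy's own "active:" line, giving the two ports of the data connection that timed out. The function names and the embedded sample lines are constructed for the illustration.

```python
import re

# Constructed sample: the data-channel lines from the ftp-proxy output above.
# The public address is masked as X,X,X,X in the post and is kept masked here.
SAMPLE = r"""#1 client: PORT 192,168,10,9,128,50\r\n
#1 proxy: PORT X,X,X,X,195,153\r\n
#1 server: 200 PORT command successful - not using PASV eh?\r\n
#1 active: server to client port 32818 via port 50073
#1 client: LIST\r\n
#1 server: 425 Timeout establishing data connection - Broke your packet filters again eh?\r\n
"""

PORT_RE = re.compile(r"^#(\d+) (client|proxy): PORT ([\dX]+),([\dX]+),([\dX]+),([\dX]+),(\d+),(\d+)")
ACTIVE_RE = re.compile(r"^#(\d+) active: server to client port (\d+) via port (\d+)")
REPLY_RE = re.compile(r"^#(\d+) server: (\d{3})[ -]")

def decode_port(p1, p2):
    """RFC 959 PORT argument: the last two fields are the high and low byte of the TCP port."""
    p1, p2 = int(p1), int(p2)
    if not (0 <= p1 <= 255 and 0 <= p2 <= 255):
        raise ValueError("PORT byte out of range")
    return p1 * 256 + p2

def analyze(log):
    """Return per-session data-channel facts from ftp-proxy debug output."""
    sessions = {}
    for line in log.splitlines():
        if m := PORT_RE.match(line):
            s = sessions.setdefault(m.group(1), {"failed": False})
            s[m.group(2) + "_port"] = decode_port(m.group(7), m.group(8))
            s[m.group(2) + "_addr"] = ".".join(m.group(3, 4, 5, 6))
        elif m := ACTIVE_RE.match(line):
            s = sessions.setdefault(m.group(1), {"failed": False})
            s["active"] = (int(m.group(2)), int(m.group(3)))
        elif m := REPLY_RE.match(line):
            # 425: the server could not open the data connection
            if m.group(2) == "425":
                sessions.setdefault(m.group(1), {"failed": False})["failed"] = True
    for s in sessions.values():
        # The proxy's "active:" line must agree with both decoded PORT commands
        s["consistent"] = s.get("active") == (s.get("client_port"), s.get("proxy_port"))
    return sessions

if __name__ == "__main__":
    for sid, facts in analyze(SAMPLE).items():
        print(sid, facts)
```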