On Thu, 2008-10-16 at 11:25 -0700, Johan Beisser wrote:
> Either switch to passive ftp, or open your ftp-data port.
>
> That should solve some of your problems.

My problem seems to be similar to the thread "Active FTP doesn't work
through a 3.3 firewall". I do actually have entries in pflog which I
missed because they are incoming with source port 20. So, I added:

pass in quick on $ext_if proto tcp from any port 20 to $ext_if port { 40000 >< 65500 }

and I can now use pkg_info.

> On 10/16/08, Kendall Shaw <[EMAIL PROTECTED]> wrote:
> > I get no reply when I try to subscribe to the pf mailing list, so I'll
> > ask here. I'm running OpenBSD 4.3 stable on amd64. I use what is in the
> > pf faq to allow ftp from my internal lan via nat, which works, but I
> > can't ftp from the computer that is running pf unless I use ftp -AaE as
> > I read about in a post on this list I think. And, I am unable to
> > retrieve or query package or install ports.
> >
> > If I simply use ftp without arguments, I can login but I can't list
> > directories. It hangs after printing 200 EPRT command successful.
> >
> > I tried setting FETCH_CMD to '/usr/bin/ftp -AaE' but I still can not use
> > pkg_add, and I can't use pkg_info. If I try to build a port, it can't
> > retrieve the files. I would prefer to fix my pf rules. What do I need to
> > do to allow ftp, package tools and ports to work from the machine
> > running pf?
> >
> > Also, my filtering rules start with "block log all", which I hoped would
> > log anything that is blocked, but I don't see anything that looks like
> > ftp being blocked in pflog. If I disable pf, package tools work. Is
> > there a way to log everything that is blocked?
> >
> > Kendall
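
Added example, not part of the thread and not code from any poster: a Python sketch that reads pflog entries as text and reports which blocked inbound packets the rule quoted above would pass. It shows that `><` excludes both boundary ports and that the rule matches on source port 20 alone, whatever the source address. Assumptions: the lines follow the text format printed by `tcpdump -n -e -ttt -r /var/log/pflog`, the external interface is named em0, and the sample lines are constructed.

```python
import re

# Constructed sample lines (documentation address ranges), in the assumed
# text format of `tcpdump -n -e -ttt -r /var/log/pflog`.
SAMPLE_PFLOG = """\
Oct 16 11:02:13.100001 rule 0/(match) block in on em0: 192.0.2.10.20 > 198.51.100.5.51234: S 1:1(0) win 16384 (DF)
Oct 16 11:02:14.100002 rule 0/(match) block in on em0: 192.0.2.10.20 > 198.51.100.5.40000: S 2:2(0) win 16384 (DF)
Oct 16 11:02:15.100003 rule 0/(match) block in on em0: 203.0.113.7.20 > 198.51.100.5.45000: S 3:3(0) win 16384 (DF)
Oct 16 11:02:16.100004 rule 0/(match) block in on em0: 203.0.113.7.4321 > 198.51.100.5.45000: S 4:4(0) win 16384 (DF)
Oct 16 11:02:17.100005 rule 0/(match) block in on em0: 192.0.2.10.20 > 198.51.100.5.22: S 5:5(0) win 16384 (DF)
"""

LINE_RE = re.compile(
    r"rule (?P<rule>\d+)/\(match\) (?P<action>\w+) (?P<dir>in|out) on (?P<ifc>\S+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

def parse_pflog(text):
    """Yield one dict per logged IPv4 packet line; skip lines that do not parse."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            d = m.groupdict()
            d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
            yield d

def matches_added_rule(pkt, ext_if="em0"):
    """Model of: pass in quick on $ext_if proto tcp from any port 20
    to $ext_if port { 40000 >< 65500 }. In pf, '><' excludes both boundaries.
    Destination address and protocol are not checked in this model."""
    return (pkt["dir"] == "in" and pkt["ifc"] == ext_if
            and pkt["sport"] == 20 and 40000 < pkt["dport"] < 65500)

def blocked_active_ftp_data(text, ext_if="em0"):
    """Blocked inbound packets that the added rule would pass: (src, dport) pairs."""
    return [(p["src"], p["dport"]) for p in parse_pflog(text)
            if p["action"] == "block" and matches_added_rule(p, ext_if)]

if __name__ == "__main__":
    for src, dport in blocked_active_ftp_data(SAMPLE_PFLOG):
        print(f"{src}:20 -> local port {dport}")
```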