Re: ftp-proxy(8) and pf question

2005-09-21 Thread Stephan A. Rickauer
Camiel Dobbelaar wrote: You can try src/usr.sbin/ftp-proxy (only in cvs, you have to build it yourself) http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/ftp-proxy/ It used to be called pftpx, which you can google for. Disclaimer: I wrote it. Cool, this is what I needed. It runs perfect an

Re: ftp-proxy(8) and pf question

2005-09-19 Thread Stephan A. Rickauer
Hi, Matt Rowley wrote: As far as I know, this only applies to _active_ ftp, about which I am not concerned at the moment. Ah yes... that's what I get for doing e-mail at 6am. :-/ no bother. Your problem description seems to imply that you have a block out all and that you're only allowin

Re: ftp-proxy(8) and pf question

2005-09-19 Thread Brian Shackelford
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephan A. Rickauer Sent: Monday, September 19, 2005 7:53 AM Cc: misc Subject: Re: ftp-proxy(8) and pf question Matt Rowley wrote: > You have the rdr sending outbound 21 to the ftp-proxy service, but you > also need to let tr

Re: ftp-proxy(8) and pf question

2005-09-19 Thread Stuart Henderson
--On 19 September 2005 11:14 +0200, Stephan A. Rickauer wrote: I've read "PF: Issues with FTP" carefully and tried to set up ftp-proxy(8) on the firewall. Now it seems I have a fundamental misunderstanding on how it should work. My client is 172.16.3.99 An example FTP server is 195.135.221

Re: ftp-proxy(8) and pf question

2005-09-19 Thread Matt Rowley
> As far as I know, this only applies to _active_ ftp, about which I am > not concerned at the moment. Ah yes... that's what I get for doing e-mail at 6am. :-/ Your problem description seems to imply that you have a block out all and that you're only allowing select outbound traffic. In which c

Re: ftp-proxy(8) and pf question

2005-09-19 Thread Richard P. Koett
Stephan A. Rickauer wrote: > Hello, > > in migrating our netfilter box to a pf box I need to solve one > remaining problem: Passive FTP (sigh) > > I've read "PF: Issues with FTP" carefully and tried to set up > ftp-proxy(8) on the firewall. Now it seems I have a fundamental > misunderstanding on h

Re: ftp-proxy(8) and pf question

2005-09-19 Thread Stephan A. Rickauer
Matt Rowley wrote: You have the rdr sending outbound 21 to the ftp-proxy service, but you also need to let traffic back in to the service: As far as I know, this only applies to _active_ ftp, about which I am not concerned at the moment. Thanks anyway. -- Stephan A. Rickauer ---

Re: ftp-proxy(8) and pf question

2005-09-19 Thread Matt Rowley
Of course, I do NAT on the pf box, that routes traffic from LAN to the Internet. The mentioned rdr rule works, so traffic on 21 is redirected to localhost:8021 ... However, though the initial control connection is redirected, the subsequent ones are not. tcpdump output: pass in on em0: 172.16

ftp-proxy(8) and pf question

2005-09-19 Thread Stephan A. Rickauer
Hello, in migrating our netfilter box to a pf box I need to solve one remaining problem: Passive FTP (sigh) I've read "PF: Issues with FTP" carefully and tried to set up ftp-proxy(8) on the firewall. Now it seems I have a fundamental misunderstanding on how it should work. My client is 17