On Thu, Feb 02, 2006 at 11:21:02AM +1100, Karl Kopp wrote:
> Hi Everyone!
> 
> I just upgraded one of our firewalls from 3.0 OBSD (I know, I know, I've
> been busy, for 4 years :) to 3.8 (which took 30 mins - LOVE that!). I've
> also added ftp-proxy from current to handle all our FTP connections. Things
> are working MUCH better now (browsers can hit FTP servers on the outside
> world) but I'm still having problems with the ftp cmd in Windows (XP for
> example). BSD / Linux boxes can use their CLI FTP command no probs (seem to
> default to PASV), but Windows just won't connect. I've used the info from
> here <http://www.openbsd.org/cgi-bin/man.cgi?query=ftp-proxy&sektion=8> and
> here <http://www.openbsd.org/faq/current.html#20051116> but still can't seem
> to connect. ftp-proxy is running, and I have the following lines in my
> pf.conf:
> 
> scrub in all
> 
> ##################################
> # FTP bits
> nat-anchor "ftp-proxy/*"
> rdr-anchor "ftp-proxy/*"
> rdr pass on $int_if proto tcp from $internal_net to any port 21 -> 127.0.0.1 port 8021
> 
> 
> ...
> 
> 
> ###################################
> # Begin filtering ruleset
> 
> # For FTP
> anchor "ftp-proxy/*"
> pass out proto tcp from $external_addr to any port 21 keep state

Well, as you noted, all FTP clients you used use PASV, but the Windows
CLI ftp client doesn't support that (and a lot of other things, BTW).

I'm not up to speed on the new ftp-proxy, but try setting a
non-Windows-CLI client to use active FTP and see if the same thing
happens - it'll at least isolate the error.

                Joachim
