Hello, I have a laptop running FreeBSD 6.1 behind a Netgear router/firewall and an ADSL modem for the Internet connection. I would like to set up a personal firewall on my computer and I chose OpenBSD pf. The only network interface is ndis0.

The filtering method is quite simple: everything is blocked and only what I need is authorized. However, I have a problem with the FTP protocol. I tried ftp-proxy without success. Here are my configuration files:

#### rc.conf
inetd_enable="YES"
inetd_flags="-wW -c 60 -a 127.0.0.1"

#### inetd.conf
ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -u proxy -m 49151 -M 50000

#### /etc/services
ftp-proxy 8021/tcp #FTP Proxy

With the sockstat -4 command I get:
root inetd 838 5 tcp4 127.0.0.1:8021 *:*

#### pf.conf
# $FreeBSD: pf.conf,v 1.0 2006/10/31 21:49:20 olivier Exp $
# ---------------------
# Macros.
# ---------------------
# Network interface
int_if_1="lo0"
int_if_2="ndis0"
# tcp flags
tcpflags="flags S/SFRA"
# Router/firewall Netgear
wpnt834="192.168.1.1"
# Proxy http
proxy_http="proxy.free.fr"
proxy_port="3128"
# Log
logblock=""
logpass="log"
# ---------------------
# Options.
# ---------------------
set block-policy drop
# ---------------------
# Normalisation.
# ---------------------
scrub in all
# ---------------------
# Redirection.
# ---------------------
rdr on $int_if_2 proto tcp from any to any port 21 \
    -> 127.0.0.1 port 8021
# ---------------------
# Filtering.
# ---------------------
# --------------
# default.
# --------------
block $logblock all
pass in quick on $int_if_1 all
pass out quick on $int_if_1 all
# Antispoof
antispoof for { $int_if_1 $int_if_2 }
block in $logblock quick from no-route
block out $logblock quick from no-route
# ---------------
# User.
# ---------------
# DHCP with router/firewall Netgear wpnt834
pass out $logpass quick on $int_if_2 proto tcp from ($int_if_2) to \
    $wpnt834 port bootpc $tcpflags keep state
# DNS
pass out $logpass quick on $int_if_2 proto udp from ($int_if_2) to \
    any port domain keep state
# Proxy
pass out $logpass quick on $int_if_2 proto tcp from ($int_if_2) to \
    $proxy_http port $proxy_port $tcpflags keep state
# ICMP
pass out $logpass quick on $int_if_2 inet proto icmp from ($int_if_2) \
    to any icmp-type 8 code 0 keep state
# http and https
pass out $logpass quick on $int_if_2 proto tcp from ($int_if_2) to \
    any port { http https } $tcpflags keep state
# ftp with ftp-proxy
pass in $logpass on $int_if_2 inet proto tcp from $int_if_2 port > 49151 \
    keep state
# (MSN, IRC, ICQ and Jabber)
pass out $logpass quick on $int_if_2 proto tcp from ($int_if_2) to \
    any port { 16863 6667 5190 5222 } $tcpflags keep state
# cvsup
pass out $logpass quick on $int_if_2 proto tcp from ($int_if_2) to \
    any port 5999 $tcpflags keep state
# End of file

Afterwards, I used the ftp command and got this message:
Trying 62.243.72.50...
ftp: connect: Operation not permitted
ftp>

I think my rdr doesn't work at all, but I don't know why. Could you help me with this? I remind you that I have only one host and one network interface. Thank you very much.
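As an added example (it is not part of the poster's configuration), here is a pf.conf fragment for the single-host case. It is based on two properties of pf: an rdr rule matches packets arriving inbound on the named interface, so the host's own SYN to port 21, which leaves ndis0 outbound, is never redirected and instead falls through to `block all`, and a locally originated connection blocked by pf fails in connect(2) with EPERM, which ftp(1) prints as "Operation not permitted". The fragment therefore passes the control connection out directly and relies on passive-mode FTP (the default in FreeBSD's ftp(1)), where the data connection is also opened by the client, so `keep state` covers it without rdr or ftp-proxy. Assumed: the interface name ndis0 and the macros $int_if_2, $logpass and $tcpflags from the post, and FTP servers that support passive mode.

```conf
# Added example, not the poster's file: pf.conf fragment for FTP from a
# single host that is both the client and the firewall.
# Macros $int_if_2, $logpass and $tcpflags are assumed to be defined as in
# the posted pf.conf.
#
# Passive-mode FTP: the client opens the control connection to port 21, the
# server answers PASV/EPSV with a port > 1023, and the client opens a second
# connection to that port. Both connections originate on this host, so
# stateful "pass out" rules are enough; no rdr and no ftp-proxy are involved.

# FTP control connection (server port 21)
pass out $logpass quick on $int_if_2 proto tcp from ($int_if_2) to \
    any port ftp $tcpflags keep state

# Passive data connection: the server chooses the port, so it cannot be
# pinned down further than "unprivileged port"; flags S/SFRA still ensures
# only a fresh SYN creates state.
pass out $logpass quick on $int_if_2 proto tcp from ($int_if_2) to \
    any port > 1023 $tcpflags keep state
```

Usage note: check the syntax with `pfctl -nf /etc/pf.conf`, load it with `pfctl -f /etc/pf.conf`, and after running `ftp` look at `pfctl -s states` for the entry to the server's port 21 and, once a listing or transfer starts, a second entry to the server's passive port. `pfctl -s nat` shows whether the original rdr rule is even loaded; loaded or not, it will not create a state for outbound traffic from the host itself. The second rule is as broad as the port range allows; if that is too permissive for a default-deny policy, active mode is the alternative, and it needs a `pass in` rule for the server's connection from port 20 to the client's data port, which is what the inetd-based ftp-proxy was designed to manage for clients behind the firewall rather than on it.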