Hi list,

I was trying to set up ftp-proxy for use with a client
(OpenBSD 4.6 workstation, passive ftp only) behind a
firewall (4.5).

I have set up pf.conf on the firewall according to pf
user's guide.

All ftp-proxy anchors have been put first (nat/rdr before
any nat/rdr rules, filtering before any filtering rules)
so other rules should not affect them (filtering rules
inserted by ftp-proxy are "quick" according to man, and
first nat/rdr rule wins anyway).

I use:
set skip on lo
(as I usually do)

and:
ftp-proxy -d -D 7
(for debugging).

From my understanding the line
rdr on $client_if proto tcp from $client to any port ftp -> \
   127.0.0.1 port 8021

should cause the incoming connection to be
1. redirected,
2. not filtered (skip on lo),
3. reach ftp-proxy and therefore
4. enable ftp-proxy to populate the anchors.

However, this seems not to happen (no connection,
no output from ftp-proxy).

When I add something like:
pass in on $client_if from $client to any

ftp-proxy lets me connect to the external ftp server
(debug output of ftp-proxy is as one would expect it).

But even something like:
pass in on $client_if proto { tcp udp } from $client \
to any port ftp

does not work (and as explained above I would
think that this is not necessary at all).

Any ideas?


