On Sat, 11 Aug 2007, Mike Taylor wrote:
> I have an OpenBSD 4.1 box acting as a firewall. I want to ftp from a Windows
> box into the firewall but I get the message "425 Can't build data connection:
> Connection refused.". Here's how I have things configured:
I'm not much help.
But whoever is will want to know where this ftp client is -- is
it coming in from the LAN (on fxp0) or from the outside (on dc0)?
I don't see anything for handling outside connections, and I don't
understand why an insider box would need any rules at all.
Dave
>
> /etc/pf.conf
> ------------
>
> # macros
> ext_if="dc0"
> int_if="fxp0"
>
> # options
> set block-policy return
> set loginterface $ext_if
>
> set skip on lo
>
> # scrub
> scrub in
>
> # nat/rdr
> nat on $ext_if from !($ext_if) -> ($ext_if:0)
> nat-anchor "ftp-proxy/*"
> rdr-anchor "ftp-proxy/*"
>
> rdr pass on $int_if proto tcp to port 21 -> 127.0.0.1 port 8021
>
> # filter rules
> block in
>
> pass out keep state
>
> anchor "ftp-proxy/*"
> antispoof quick for { lo $int_if }
>
> pass quick on $int_if
>
> /etc/rc.conf.local
> ------------------
>
> ftpproxy_flags="-r"
>
> /etc/inetd.conf
> ---------------
>
> ftp stream tcp nowait root /usr/libexec/ftpd ftpd -USlln
>
> Here's what I get when I try to ftp in:
>
>
> 331 Password required for mike.
> Password:
> 230 User mike logged in.
> ftp> dir
> 200 PORT command successful.
> 425 Can't build data connection: Connection refused.
> ftp>
>
> What am I doing wrong? thanks for any help.
>
>
> regards,
> Mike
>
--
"America ... might become dictatress of the world.
She would be no longer the ruler of her own spirit."
-- John Quincy Adams, July 4, 1821
_______________________________________________
Openbsd-newbies mailing list
http://mailman.theapt.org/listinfo/openbsd-newbies