how FTP works
http://slacksite.com/other/ftp.html
http://pintday.org/whitepapers/ftp-review.shtml

how to apply the rules in PF using FTP-Proxy
http://www.aei.ca/~pmatulis/pub/obsd_ftp.html
Siju George wrote:

hi all,

I configured OpenBSD 3.5 PF as said in the FAQ.

For the clients behind my PF firewall to access ftp servers I put this
line in the pf.conf file

rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1:8021

I also have the following line uncommented from /etc/inetd.conf

127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy

Now the FTP clients behind the PF firewall can't connect to the ftp
servers on the internet: the username is authenticated successfully, but
listing of files is not possible.

It is not a problem with user permission because if I FTP from the
OpenBSD firewall itself as the same user to the same FTP server I am
able to list the files.

I'll paste the output of ftp commands issued from both OpenBSD and a
client behind OpenBSD below. Domain names and user names are replaced
with "aaaaa" for the sake of security.

Could someone please point out the trouble?

Thank you so much

Siju

---FTP command Output when Remote FTP Server is accessed from the
OpenBSD Firewall----

rain# ftp aaaa.aaa
Connected to aaaa.aaa.
220-=(<*>)=-.:. (( Welcome to PureFTPd 1.0.12 )) .:.-=(<*>)=-
220-You are user number 5 of 50 allowed.
220-Local time is now 01:41 and the load is 0.30. Server port: 21.
220 You will be disconnected after 15 minutes of inactivity.
Name (aaaa.aaa:root): aaaaaa
331 User aaaaaa OK. Password required
Password:
230-User aaaaaa has group access to:  aaaaaa
230 OK. Current restricted directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
500 Unknown command
227 Entering Passive Mode (64,235,230,209,152,108)
150 Accepted data connection
drwxr-x---    3 32651    12           4096 Sep 25 02:25 etc
drwxrwx---   19 32651    12           4096 Sep 28 16:11 mail
drwxr-x---    3 32651    aaaaaa      4096 Sep 23 09:56 public_ftp
drwxr-xr-x   13 32651    99           4096 Sep 23 23:43 public_html
drwx------    6 32651    aaaaaa      4096 Sep 23 10:10 tmp
lrwxrwxrwx    1 32651    aaaaaa        11 Sep 23 09:56 www -> public_html
226-Options: -l
226 6 matches total
ftp>

------------------------------------------------------------------------------------------------------------------------

Now,

---FTP command Output when Remote FTP Server is accessed from an
ftp-client behind the OpenBSD Firewall----

ftp aaaa.aaa
Connected to aaaa.aaa
220-=(<*>)=-.:. (( Welcome to PureFTPd 1.0.12 )) .:.-=(<*>)=-
220-You are user number 2 of 50 allowed.
220-Local time is now 01:10 and the load is 0.47. Server port: 21.
220 You will be disconnected after 15 minutes of inactivity.
User (aaaa.aaa:(none)): aaaaaaa
331 User aaaaaaa OK. Password required
Password:
230-User aaaaaaa has group access to:  aaaaaaa
230 OK. Current restricted directory is /
ftp> ls
200 PORT command successful
425 Could not open data connection to port 57234: Connection timed out

----------------------------------------------------------------------------------------

Thanks a lot

Siju


-- clint Cryptek, Inc.
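The two transcripts differ in how the data channel is negotiated: the firewall's own ftp client ends up in passive mode (the 227 reply names a server address and port the client connects out to), while the client behind PF uses PORT, and the server's reverse connection to port 57234 times out at the NAT. As an added example that is not part of either message, the following Python decodes a 227 reply and classifies a session as active or passive from constructed copies of those reply lines:

```python
import re

# Constructed samples: the reply lines that matter, taken from the two
# sessions quoted above (addresses/ports as they appear in the post).
FIREWALL_SESSION = """\
ftp> ls
500 Unknown command
227 Entering Passive Mode (64,235,230,209,152,108)
150 Accepted data connection
226 6 matches total
"""

CLIENT_SESSION = """\
ftp> ls
200 PORT command successful
425 Could not open data connection to port 57234: Connection timed out
"""

# RFC 959 PASV reply: six decimal fields, h1,h2,h3,h4 = address, p1,p2 = port.
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
PORT_FAIL_RE = re.compile(r"^425 .*?port (\d+)")


def parse_pasv(line):
    """Decode a 227 reply into (host, port); the port is p1*256 + p2."""
    m = PASV_RE.match(line)
    if not m:
        return None
    f = m.groups()
    return ".".join(f[:4]), int(f[4]) * 256 + int(f[5])


def classify_session(text):
    """Report how the data channel was set up and whether it opened."""
    info = {"mode": None, "data_endpoint": None, "ok": None}
    for line in text.splitlines():
        if line.startswith("200 PORT"):
            info["mode"] = "active"    # server must connect back to the client
        pasv = parse_pasv(line)
        if pasv:
            info["mode"] = "passive"   # client connects out to the server
            info["data_endpoint"] = pasv
        if line.startswith(("150", "125")):
            info["ok"] = True          # data connection accepted
        m = PORT_FAIL_RE.match(line)
        if m:
            info["ok"] = False         # reverse connection never arrived
            info["data_endpoint"] = ("client", int(m.group(1)))
    return info
```

An active-mode session that fails this way behind NAT is the case ftp-proxy is meant to handle by rewriting the PORT command, so a 425 after a successful PORT is the first thing to check in the client transcript.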
