Re: Outgoing FTP connections with pf and ftp-proxy
NetOpsCenter wrote:
> Matthias Kellermann wrote:
>> Hi list,
>>
>> I'm trying to get outgoing FTP sessions to work with pf and ftp/ftp-proxy in a NAT environment. My simple config on a test machine looks like this:
>>
>> --
>> int_if = rl0
>> localnet = 192.168.0.0/24
>> tcp_services = { ssh, domain, www, https, ftp }
>> udp_services = { domain }
>>
>> nat on $int_if from $localnet to any -> ($int_if)
>> rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
>>
>> block all
>> pass from $localnet to any keep state
>> pass proto udp to any port $udp_services keep state
>> pass out proto tcp to any port $tcp_services keep state
>> pass in proto tcp from any to any user proxy keep state
>> pass in proto tcp from any to any port ssh keep state
>> --
>>
>> FTP login works fine. But if I want to do a ls on the FTP server I get the following error on the client (no matter if NAT client or gateway):
>>
>> 425 Failed to establish connection.
>>
>> Any idea what's wrong with my setup?
>>
>> Thanks,
>> Matthias
>
> Aloha Matthias,
>
> I am having the same ftp problem on servers that are on an ATM 5 IP circuit. There is no NAT involved with one of these. The outbound FTP goes out but I can't get the files to list when I go inbound from outside on a recognized IP. SSH on the same box works fine.
>
> It would make my day to get this working.
>
> ~Al Plant - Honolulu, Hawaii - Phone: 808-284-2740 + http://hawaiidakine.com + http://freebsdinfo.org + [EMAIL PROTECTED] + + http://aloha50.net - Supporting - FreeBSD 6.* - 7.* + All that's really worth doing is what we do for others.- Lewis Carrol

Followup:

I found what the problem was with ftp on my ATM line setup finally. In order to pass data as Jonathan Horne suggested you have to add a special line to identify the ports used passively.

Add the line below to the pf.conf below the ftp port 21 or 8021:

pass in on $ext_if proto tcp from any to $ext_if port 49151

I found this buried in the middle of an article I searched on PF self protecting an FTP Server.

Thanks

~Al Plant - Honolulu, Hawaii - Phone: 808-284-2740 + http://hawaiidakine.com + http://freebsdinfo.org + [EMAIL PROTECTED] + + http://aloha50.net - Supporting - FreeBSD 6.* - 7.* + All that's really worth doing is what we do for others.- Lewis Carrol

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
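An added example, not part of the original thread: in FTP the data connection uses a port that is only announced on the control channel (a client PORT command, or a 227/229 reply), and a 425 reply means that data connection could not be opened. The sketch below parses those announcements from constructed sample lines and checks them against a static destination-port list modelled on the thread's tcp_services macro plus ftp-data; the function names and sample addresses are assumptions.

```python
import re

# Destination ports behind the thread's tcp_services macro (ssh, domain, www,
# https, ftp) plus ftp-data from the later suggestion.
TCP_SERVICES = {22, 53, 80, 443, 21, 20}
_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
_EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")

def data_endpoint(line):
    """Return (mode, ip, port) announced on the control channel, else None.
    active = client PORT (server connects in); passive = 227/229 reply
    (client connects out; ip is None for 229, which carries only a port)."""
    line = line.strip()
    verb = line[:4].upper()
    if verb == "PORT" or line.startswith("227"):
        m = _TUPLE.search(line)
        if not m:
            return None
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed address octet or port byte
        mode = "active" if verb == "PORT" else "passive"
        return mode, ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    if line.startswith("229"):
        m = _EPSV.search(line)
        if m and 0 < int(m.group(1)) < 65536:
            return "passive", None, int(m.group(1))
    return None

def static_rule_covers(endpoint, allowed=TCP_SERVICES):
    """True only for an outgoing (passive) data connection whose destination
    port is in the static list; active-mode data connections arrive inbound."""
    mode, _ip, port = endpoint
    return mode == "passive" and port in allowed

# Constructed control-channel lines (documentation addresses, not a capture).
SAMPLE = [
    "230 Login successful.",
    "227 Entering Passive Mode (192,0,2,10,195,149)",
    "PORT 192,168,0,5,200,13",
    "229 Entering Extended Passive Mode (|||50211|)",
]

def audit(lines=SAMPLE):
    """Pair every announced data endpoint with the static-list verdict."""
    return [(ep, static_rule_covers(ep)) for ep in map(data_endpoint, lines) if ep]
```

None of the sample endpoints is covered by the static list, because the negotiated port changes per transfer; a filter has to follow the control channel or allow a defined data-port range.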
Re: Outgoing FTP connections with pf and ftp-proxy
Jonathan Horne wrote:
> what about adding port 20 to your tcp_services definition (or perhaps pf will accept the word 'ftp-data') ?
>
> hth,

Thanks Jonathan. After adding ftp-data to the tcp_services list I could connect to one FTP server successfully, but another one did not work. I've tried both passive and active mode without success.

Any help is really appreciated.

Thanks,
Matthias
Re: Outgoing FTP connections with pf and ftp-proxy
On Sunday 27 January 2008 19:48:33 Matthias Kellermann wrote:
> I'm trying to get outgoing FTP sessions to work with pf and ftp/ftp-proxy in a NAT environment.

Are you sure you need it? FTP should work out of the box on BSD boxes, since by default FTP_PASSIVE_MODE=yes is set in environment. No ftp-proxy should be needed for outgoing traffic. Incoming is a different story.

If you disable this ftp-proxy setup, can you fetch a package from one of the FreeBSD ftp servers?

I have a net with pf nat, so if you have specific servers that don't work for you, maybe I can see if those don't work for me either.

Any specific ftp-client program? For me, the default ftp client, ncftp3, browser ftp and fetch all work.

--
Mel
Re: Outgoing FTP connections with pf and ftp-proxy
On Sunday 27 January 2008 03:31:21 pm NetOpsCenter wrote:
> Matthias Kellermann wrote:
>> Hi list,
>>
>> I'm trying to get outgoing FTP sessions to work with pf and ftp/ftp-proxy in a NAT environment. My simple config on a test machine looks like this:
>>
>> --
>> int_if = rl0
>> localnet = 192.168.0.0/24
>> tcp_services = { ssh, domain, www, https, ftp }
>> udp_services = { domain }
>>
>> nat on $int_if from $localnet to any -> ($int_if)
>> rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
>>
>> block all
>> pass from $localnet to any keep state
>> pass proto udp to any port $udp_services keep state
>> pass out proto tcp to any port $tcp_services keep state
>> pass in proto tcp from any to any user proxy keep state
>> pass in proto tcp from any to any port ssh keep state
>> --
>>
>> FTP login works fine. But if I want to do a ls on the FTP server I get the following error on the client (no matter if NAT client or gateway):
>>
>> 425 Failed to establish connection.
>>
>> Any idea what's wrong with my setup?
>>
>> Thanks,
>> Matthias
>
> Aloha Matthias,
>
> I am having the same ftp problem on servers that are on an ATM 5 IP circuit. There is no NAT involved with one of these. The outbound FTP goes out but I can't get the files to list when I go inbound from outside on a recognized IP. SSH on the same box works fine.
>
> It would make my day to get this working.
>
> ~Al Plant - Honolulu, Hawaii - Phone: 808-284-2740 + http://hawaiidakine.com + http://freebsdinfo.org + [EMAIL PROTECTED] + + http://aloha50.net - Supporting - FreeBSD 6.* - 7.* + All that's really worth doing is what we do for others.- Lewis Carrol

what about adding port 20 to your tcp_services definition (or perhaps pf will accept the word 'ftp-data') ?

hth,
--
Jonathan Horne
http://dfwlpiki.dfwlp.org
freebsd08 [EMAIL PROTECTED] dfwlp.com
Outgoing FTP connections with pf and ftp-proxy
Hi list,

I'm trying to get outgoing FTP sessions to work with pf and ftp/ftp-proxy in a NAT environment. My simple config on a test machine looks like this:

--
int_if = rl0
localnet = 192.168.0.0/24
tcp_services = { ssh, domain, www, https, ftp }
udp_services = { domain }

nat on $int_if from $localnet to any -> ($int_if)
rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021

block all
pass from $localnet to any keep state
pass proto udp to any port $udp_services keep state
pass out proto tcp to any port $tcp_services keep state
pass in proto tcp from any to any user proxy keep state
pass in proto tcp from any to any port ssh keep state
--

FTP login works fine. But if I want to do a ls on the FTP server I get the following error on the client (no matter if NAT client or gateway):

425 Failed to establish connection.

Any idea what's wrong with my setup?

Thanks,
Matthias
Re: Outgoing FTP connections with pf and ftp-proxy
Matthias Kellermann wrote:
> Hi list,
>
> I'm trying to get outgoing FTP sessions to work with pf and ftp/ftp-proxy in a NAT environment. My simple config on a test machine looks like this:
>
> --
> int_if = rl0
> localnet = 192.168.0.0/24
> tcp_services = { ssh, domain, www, https, ftp }
> udp_services = { domain }
>
> nat on $int_if from $localnet to any -> ($int_if)
> rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
>
> block all
> pass from $localnet to any keep state
> pass proto udp to any port $udp_services keep state
> pass out proto tcp to any port $tcp_services keep state
> pass in proto tcp from any to any user proxy keep state
> pass in proto tcp from any to any port ssh keep state
> --
>
> FTP login works fine. But if I want to do a ls on the FTP server I get the following error on the client (no matter if NAT client or gateway):
>
> 425 Failed to establish connection.
>
> Any idea what's wrong with my setup?
>
> Thanks,
> Matthias

Aloha Matthias,

I am having the same ftp problem on servers that are on an ATM 5 IP circuit. There is no NAT involved with one of these. The outbound FTP goes out but I can't get the files to list when I go inbound from outside on a recognized IP. SSH on the same box works fine.

It would make my day to get this working.

~Al Plant - Honolulu, Hawaii - Phone: 808-284-2740 + http://hawaiidakine.com + http://freebsdinfo.org + [EMAIL PROTECTED] + + http://aloha50.net - Supporting - FreeBSD 6.* - 7.* + All that's really worth doing is what we do for others.- Lewis Carrol