Hi, I'm having a bit of a fetch and ftp problem when it comes to the hosts behind my freebsd 6.2 stable pf firewall. I can use fetch and ftp perfectly fine from the firewall, but once I want to use them on one of the hosts behind it I get the following errors.

Trying 204.152.184.73...
Connected to ftp.freebsd.org.
220 Welcome to freebsd.isc.org.
Name (ftp.freebsd.org:hamba): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
229 Entering Extended Passive Mode (|||5654|)
425 Security: Bad IP connecting.
ftp> exit
221 Goodbye.

# ftp ftp.de.freebsd.org
Connected to ftp.plusline.net.
220-
220-PUBLIC FTP MIRROR
220-
220-Plus.Line AG
220-http://www.plusline.net
220-Frankfurt a. M.
220-Germany
220-
220
Name (ftp.de.freebsd.org:hamba): anonymous
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
229 Entering Extended Passive Mode (|||35507|)
200 EPRT command successful. Consider using EPSV.
150 Here comes the directory listing.
ftp: poll timeout waiting before accept: Operation timed out
426 Failure writing network stream.
225 No transfer to ABOR.
ftp> exit
221 Goodbye.

I have multiple IPs on my external if, so I'm using pftpx as the ftp proxy, and I followed the man page and added this to my pf.conf:

nat-anchor "pftpx/*"
rdr-anchor "pftpx/*"
rdr pass on $int_if proto tcp from 10.0.0.0/8 to any port 21 -> 127.0.0.1 port 8021
anchor "pftpx/*"

I also added in the rc.conf file:

pftpx_enable="YES"
pftpx_flags="-p 80.81.242.5"

Here is the debug output I got from pftpx:

Jul 25 22:50:13 amanzi pftpx[92813]: #1 accepted connection from 10.0.100.150
Jul 25 22:50:13 amanzi pftpx[92813]: #1 server: 220 Welcome to freebsd.isc.org.^M
Jul 25 22:50:15 amanzi pftpx[92813]: #1 client: USER anonymous^M
Jul 25 22:50:15 amanzi pftpx[92813]: #1 server: 331 Please specify the password.^M
Jul 25 22:50:16 amanzi pftpx[92813]: #1 client: PASS ^M
Jul 25 22:50:16 amanzi pftpx[92813]: #1 server: 230 Login successful.^M
Jul 25 22:50:16 amanzi pftpx[92813]: #1 client: SYST^M
Jul 25 22:50:16 amanzi pftpx[92813]: #1 server: 215 UNIX Type: L8^M
Jul 25 22:50:16 amanzi pftpx[92813]: #1 client: FEAT^M
Jul 25 22:50:16 amanzi pftpx[92813]: #1 server: 211-Features:^M
Jul 25 22:50:16 amanzi pftpx[92813]: #1 server: EPRT^M
Jul 25 22:50:16 amanzi pftpx[92813]: #1 server: EPSV^M
Jul 25 22:50:16 amanzi pftpx[92813]: #1 server: MDTM^M
Jul 25 22:50:16 amanzi pftpx[92813]: #1 server: PASV^M
Jul 25 22:50:16 amanzi pftpx[92813]: #1 server: REST STREAM^M
Jul 25 22:50:16 amanzi pftpx[92813]: #1 server: SIZE^M
Jul 25 22:50:16 amanzi pftpx[92813]: #1 server: TVFS^M
Jul 25 22:50:16 amanzi pftpx[92813]: #1 server: 211 End^M
Jul 25 22:50:16 amanzi pftpx[92813]: #1 client: PWD^M
Jul 25 22:50:16 amanzi pftpx[92813]: #1 server: 257 "/"^M
Jul 25 22:50:17 amanzi pftpx[92813]: #1 client: EPSV^M
Jul 25 22:50:17 amanzi pftpx[92813]: #1 server: 229 Entering Extended Passive Mode (|||30018|)^M
Jul 25 22:50:17 amanzi pftpx[92813]: #1 proxy: 229 Entering Extended Passive Mode (|||59677|)^M
Jul 25 22:50:18 amanzi pftpx[92813]: #1 client: LIST^M
Jul 25 22:50:18 amanzi pftpx[92813]: #1 server: 425 Security: Bad IP connecting.^M

I also have 2 internal IPs on each host behind the firewall. I have attached my pf.conf file. Everything works perfectly without problems except for ftp. I also have to mention that it's not all the ftp sites but only some of them, and when I fetch from http it also works.

Thanks for the time
Reinhold