On Sun, Jan 15, 2017 at 12:26:41PM +0100, Sebastien Marie wrote:
> On Sun, Jan 15, 2017 at 11:04:39AM +, Mik J wrote:
> > Thank you Sebastien, it works.
> > I was confused because I tried so many things.
> > Yes the man tells "_ftp-proxy" and this page
> > https://www.openbsd.org/faq/pf/ftp.html#natserverTells "proxy"
> >
>
> Congratulations, you found two documentation bugs !
>
> The man page one was already commited by deraadt@, for the faq the
> following patch should do the work.
Indeed, thanks to both of you!
>
> Thanks.
> --
> Sebastien Marie
>
>
> Index: faq/pf/ftp.html
> ===
> RCS file: /cvs/www/faq/pf/ftp.html,v
> retrieving revision 1.59
> diff -u -p -r1.59 ftp.html
> --- faq/pf/ftp.html 19 Sep 2016 23:44:47 - 1.59
> +++ faq/pf/ftp.html 15 Jan 2017 11:22:23 -
> @@ -197,12 +197,12 @@ ftp_ip = "10.10.10.1"
> match out on egress inet from $int_if nat-to (egress)
> anchor "ftp-proxy/*"
> pass in on egress inet proto tcp to $ext_ip port 21
> -pass out on $int_if inet proto tcp to $ftp_ip port 21 user proxy
> +pass out on $int_if inet proto tcp to $ftp_ip port 21 user _ftp_proxy
>
>
> Here we allow the connection inbound to port 21 on the external interface,
> as well as the corresponding outbound connection to the FTP server.
> -The "user proxy" addition to the outbound rule ensures that only connections
> +The "user _ftp_proxy" addition to the outbound rule ensures that only
> connections
> initiated by ftp-proxy(8) are permitted.
>
>
>