Greetings, everyone. I need some help! I am having problems with FTP and NAT. The configuration I have and the tests I ran are based on the list archive and other posts. Apparently my setup is different, because I noticed that people only proxied outbound connections, and I want to do it for inbound ones. If that is not necessary, I would like to be told about another solution. I am using FreeBSD-5.5-STABLE and my goal is to configure the following scenario:

FTP CLIENT (internet) <-> fw (PF) <-> ftp (vsftpd)

#vsftpd.conf
listen=YES
background=YES
anonymous_enable=yes
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
ftpd_banner="Itecgyn Informatica ME. Bem vindo !"
pam_service_name=vsftpd
chroot_local_user=yes
secure_chroot_dir=/usr/local/share/vsftpd/empty
pasv_min_port=50000
pasv_max_port=50010

#pf.conf
ext_if="tun0"
int_if="xl0"
ftp_server="192.168.0.253"

nat-anchor "pftpx/*"
rdr-anchor "pftpx/*"
nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr on $ext_if proto tcp from any to $ext_if port 21 -> localhost port 8021

anchor "pftpx/*"
pass out all keep state
pass in all keep state

#man pftpx
-f address
    Fixed server address. The proxy will always connect to the same server, regardless of where the client wanted to connect to (before it was redirected). Use this option to proxy for a server behind NAT, or to forward all connections to another proxy.
-p address
    Proxy source address. The proxy will use this as the source address to connect to servers.

#rc.conf
pftpx_enable="YES"
pftpx_flags="-f 192.168.0.253 -p 192.168.0.254"

# ps -A | grep pftpx
1040 ?? Ss 0:00.21 /usr/local/sbin/pftpx -f 192.168.0.253 -p 192.168.0.254

# when I try to connect "from anywhere"
sarge~# ftp localhost 8021
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
220 "Itecgyn Informatica ME. Bem vindo !"
Name (localhost:root): gowmo
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
421 Service not available, remote server has closed connection.

#pftpx log
Jan 25 20:42:19 sarge pftpx[1040]: #14 pf operation failed: Invalid argument
Jan 25 20:42:19 sarge pftpx[1040]: #14 pf rule removal failed: Invalid argument