Re: Again, OpenBSD r0x! Thank you.

On Thu, Dec 31, 2009 at 09:13:45AM +1100, Aaron Mason wrote: > Hang on... isn't ftp_proxy defined in rc.conf? It is, but I had already set ftpproxy_flags="" in rc.conf.local so users could ftp out, so I needed a second instance for inbound connections. http://www.openbsd.org/faq/pf/ftp.html#natse

Re: Again, OpenBSD r0x! Thank you.

On Tue, Dec 29, 2009 at 8:51 AM, Andrew Fresh wrote: > Setting up a new firewall, OpenBSD is making it easy. > > in /etc/pf.macros > ftp_int=$srv01 > ftp_ext=$external01 > ftp_port=21 > > in /etc/pf.conf > include "/etc/pf.macros" > ... > # NAT/Filter Rules for FTP Server (additon to above) > pass

Again, OpenBSD r0x! Thank you.

Setting up a new firewall, OpenBSD is making it easy. in /etc/pf.macros ftp_int=$srv01 ftp_ext=$external01 ftp_port=21 in /etc/pf.conf include "/etc/pf.macros" ... # NAT/Filter Rules for FTP Server (additon to above) pass in on egress proto tcp to $ftp_ext port $ftp_port pass out on internal p