Re: Start 2 instances of ftp-proxy one for ftp one for reverse proxy

2018-01-18 Thread Mik J
:24, Mik J wrote: > Hello, > I'd like my firewall to start two instances one for ftp proxy and one for ftp > proxy. So far I have in rc.conf ftpproxy_flags="-D7 -v -p 8021" > > I can run manually /usr/sbin/ftp-proxy -D7 -v -R 10.1.1.1 -p21 -b 3 and the > reverse proxy

Re: Start 2 instances of ftp-proxy one for ftp one for reverse proxy

2018-01-18 Thread Mathieu BLANC
On 17/01/2018 at 22:24, Mik J wrote: Hello, I'd like my firewall to start two instances one for ftp proxy and one for ftp proxy. So far I have in rc.conf ftpproxy_flags="-D7 -v -p 8021" I can run manually /usr/sbin/ftp-proxy -D7 -v -R 10.1.1.1 -p21 -b 3 and the reverse proxy wo

Re: Start 2 instances of ftp-proxy one for ftp one for reverse proxy

2018-01-18 Thread Mathieu BLANC
On 18/01/2018 at 10:37, Mathieu BLANC wrote: On 17/01/2018 at 22:24, Mik J wrote: Hello, I'd like my firewall to start two instances one for ftp proxy and one for ftp proxy. So far I have in rc.conf ftpproxy_flags="-D7 -v -p 8021" I can run manually /usr/sbin/ftp-proxy -D7

Re: Start 2 instances of ftp-proxy one for ftp one for reverse proxy

2018-01-18 Thread Marcus MERIGHI
mikyde...@yahoo.fr (Mik J), 2018.01.17 (Wed) 22:24 (CET): https://haveibeenpwned.com/api/v2/breachedaccount/mikyde...@yahoo.fr > I'd like my firewall to start two instances one for ftp proxy and one > for ftp proxy. So far I have in rc.conf ftpproxy_flags="-D7 -v -p 8021"

Start 2 instances of ftp-proxy one for ftp one for reverse proxy

2018-01-17 Thread Mik J
Hello, I'd like my firewall to start two instances one for ftp proxy and one for ftp proxy. So far I have in rc.conf ftpproxy_flags="-D7 -v -p 8021" I can run manually /usr/sbin/ftp-proxy -D7 -v -R 10.1.1.1 -p21 -b 3 and the reverse proxy works But I would like these to in

Re: Multi-path router with ftp-proxy problem

2017-06-03 Thread Claer
On Fri, Jun 02 2017 at 42:07, cdix wrote: > I have the same problem. > Did you ever find a resolution for your problem? > If so what was it? > Hi, FTP has one command tcp connection and one dynamic data connection that makes an entire applicative session. In order for FTP to work, it needs both co

Re: Multi-path router with ftp-proxy problem

2017-06-02 Thread cdix
I have the same problem. Did you ever find a resolution for your problem? If so what was it?

Re: FTP proxy not listing certain directories?

2017-01-30 Thread Kaya Saman
(7) higher than 1. At that level ftp-proxy cannot add rules to the anchors and FTP data connections may get blocked. Negotiated data connection ports below 1024 are not allowed. The negotiated IP address for active modes is ignored for security reasons. This makes third party

FTP proxy not listing certain directories?

2017-01-29 Thread Kaya Saman
(DF) --> then the report waits I'm just wondering as the last statement is (DF) - the Do Not Fragment flag, could this be an MTU issue?? Though the odd thing is that this was working fine until two upgrades ago which are still quite recent 2017 dated. In PF I have the standard

Re: ftp-proxy man page out of date?

2016-01-18 Thread Harald Dunkel
On 01/05/2016 04:35 PM, Sonic wrote: > > Divert-to is the proper way to send the packets to the proxy, but the > dynamic rules that the proxy creates use rdr-to which is why the man > page may appear a bit confusing at first reading. > I see, my mistake. Thanx very much for your support. Harri

Re: ftp-proxy man page out of date?

2016-01-05 Thread Sonic
On Mon, Jan 4, 2016 at 1:04 PM, Jason McIntyre wrote: > these are dynamically inserted rules. and they must be > redirects. so you don't have to change them. divert-to > would be incorrect. Divert-to is the proper way to send the packets to the proxy, but the dynamic ru

Re: ftp-proxy man page out of date?

2016-01-04 Thread Jason McIntyre
On Mon, Jan 04, 2016 at 02:35:43PM +0100, Harald Dunkel wrote: > Hi folks, > > Would it be possible to update ftp-proxy(8) wrt "divert-to"? > I had the impression that rdr-to is out of date in this > context; see http://www.openbsd.org/faq/upgrade50.html. > >

ftp-proxy man page out of date?

2016-01-04 Thread Harald Dunkel
Hi folks, Would it be possible to update ftp-proxy(8) wrt "divert-to"? I had the impression that rdr-to is out of date in this context; see http://www.openbsd.org/faq/upgrade50.html. Thanx very much. Best season's greetings Harri

ftp-proxy fails

2015-12-18 Thread Christer Solskogen
Hi! Using the latest (and the next-latest) snapshot, ftp-proxy seems not to work on my system. All the clients get 421 Service not available, remote server timed out. Connection closed. While from the router, ftp is working great. from dmesg OpenBSD 5.8-current (GENERIC.MP) #1754: Thu Dec 17 12

FTP inspection / ftp-proxy transparent mode

2015-02-04 Thread Łukasz Czarniecki
Hi, I am protecting IPv6 FTP server in my LAN with PF firewall. I have two options: 1. pass out inet6 proto tcp to {XXX:XXX::XXX:XX } port 21 pass out inet6 proto tcp to {XXX:XXX::XXX:XX } port > 1024 2. anchor "ftp-proxy/*" pass in inet6 proto tcp to XXX:XXX::XXX:XX port 21 diver

ftp-proxy "pf operation failed: Device busy"

2014-12-03 Thread Stuart Henderson
Solved problem, but I'm mentioning it here for anyone searching the list archives. If you use ftp-proxy and are having a failure to add rules for the data-channel connections, with accompanying verbose mode log entries like "pf operation failed: Device busy", check the ftp-proxy c

Re: ftp-proxy

2014-09-22 Thread Stefan Olsson
Hi, I can't get active ftp to work through pf and ftp-proxy. -Passive ftp works fine. I use ftp from a Windows-pc and have been testing on ftp.openbsd.org and ftp.sunet.se. I've dumbed down pf.conf as much as I possibly can. Still no go. I had an older snapshot but upgraded jus

ftp-proxy

2014-09-22 Thread Stefan Olsson
Hi, I can't get active ftp to work through pf and ftp-proxy. -Passive ftp works fine. I use ftp from a Windows-pc and have been testing on ftp.openbsd.org and ftp.sunet.se. I've dumbed down pf.conf as much as I possibly can. Still no go. I had an older snapshot but upgraded jus

Re: ftp-proxy and multiple nat-to addresses

2014-06-11 Thread Hrvoje Popovski
On 11.6.2014. 14:29, Marko Cupać wrote: > Hi, > > I have pf setup which includes NAT and ftp-proxy for accessing FTP > servers on the Internet, and it works fine. > > I would like to add multiple addresses to NAT pool, instead of just one > as in current setup, but I am not

ftp-proxy and multiple nat-to addresses

2014-06-11 Thread Marko Cupać
Hi, I have pf setup which includes NAT and ftp-proxy for accessing FTP servers on the Internet, and it works fine. I would like to add multiple addresses to NAT pool, instead of just one as in current setup, but I am not sure if this is going to play well with ftp-proxy. If I remember well, in

Re: ftp-proxy versus IPv4 and IPv6 dual stack?

2014-04-15 Thread Jérémie Courrèges-Anglas
r properly for rc.d(8) >> signalling. > > It needs handling one way or another, and that doesn't seem *too* horrible > (not that it's exactly nice).. other alternatives i can think of, more or less ugly / worth it: - tweaking pexp - ln /usr/sbin/ftp-proxy /usr/sbin/ftp6-proxy,

Re: ftp-proxy versus IPv4 and IPv6 dual stack?

2014-04-15 Thread Stuart Henderson
On 2014-04-15, Jérémie Courrèges-Anglas wrote: > * if it had to be integrated with rc.d(8), that would mean adding > a ftpproxy6 script, hooking it in /etc/rc and adding a -4 flag to > ftpproxy so that the daemons command lines differ properly for rc.d(8) > signalling. It needs handling one

Re: ftp-proxy versus IPv4 and IPv6 dual stack?

2014-04-15 Thread John Jasen
On 04/15/2014 11:27 AM, Jérémie Courrèges-Anglas wrote: > John Jasen writes: > >> As a quick sanity check, the ftp-proxy daemon in OpenBSD 5.4 through >> -current does NOT listen on IPv4 and IPv6 simultaneously? > > As documented. Yes, forgive me for not mentioning that

Re: ftp-proxy versus IPv4 and IPv6 dual stack?

2014-04-15 Thread Jérémie Courrèges-Anglas
John Jasen writes: > As a quick sanity check, the ftp-proxy daemon in OpenBSD 5.4 through > -current does NOT listen on IPv4 and IPv6 simultaneously? As documented. > In order to support FTP over IPv4 and IPv6, two running ftp-proxy > daemons would be required, one with the -

ftp-proxy versus IPv4 and IPv6 dual stack?

2014-04-15 Thread John Jasen
As a quick sanity check, the ftp-proxy daemon in OpenBSD 5.4 through -current does NOT listen on IPv4 and IPv6 simultaneously? In order to support FTP over IPv4 and IPv6, two running ftp-proxy daemons would be required, one with the -6 flag? If so, I do not see an immediate way to fire two ftp

Unable to get ftp-proxy to work as expected when using authpf

2013-05-26 Thread Steven
Hi, Over my wired network (not using authpf) I can connect to ftp sites over ftp-proxy fine. Similarly when connecting to ftp sites over my wifi without authpf. However, using authpf on my wifi gives me errors when connecting to ftp sites over ftp-proxy. In man authpf(8) the following

Multi-path router with ftp-proxy problem

2013-05-15 Thread Howard Powell
e add -mpath default ### /etc/sysctl.conf: net.inet.ip.forwarding=1 net.inet.ip.multipath=1 ### /etc/rc.conf.local: ftpproxy_flags="-T ftp-proxy -D7 -vv" ### /etc/pf.conf (relevant to FTP parts only): cable_if = "fxp0" cable_gw = # I used the actual IP for the cable

Re: ftp-proxy(8) and ftpd(8) on the same host

2013-03-28 Thread LEVAI Daniel
On Thu, Mar 28, 2013 at 08:11:07 +0100, Camiel Dobbelaar wrote: > It does not work on the same server. > > You might try rules with "user _ftp" in pf.conf. > On Thu, Mar 28, 2013 at 10:14:15 +, Alexey E. Suslikov wrote: > Camiel Dobbelaar sentia.nl> writes: > > > It does not work on the sa

Re: ftp-proxy(8) and ftpd(8) on the same host

2013-03-28 Thread Alexey E. Suslikov
Camiel Dobbelaar sentia.nl> writes: > It does not work on the same server. There was an attempt to handle such a things http://article.gmane.org/gmane.os.openbsd.tech/23343/

Re: ftp-proxy(8) and ftpd(8) on the same host

2013-03-28 Thread Camiel Dobbelaar
On 3/27/13 4:14 PM, LEVAI Daniel wrote: On 5.2-stable, I'm trying to setup the stock ftpd(8) on a machine where the incoming traffic is not allowed arbitrarily above net.inet.ip.porthifirst, and the clients wish to use passive mode data connections. I thought I could use ftp-proxy(8) to app

ftp-proxy(8) and ftpd(8) on the same host

2013-03-27 Thread LEVAI Daniel
Hi! On 5.2-stable, I'm trying to setup the stock ftpd(8) on a machine where the incoming traffic is not allowed arbitrarily above net.inet.ip.porthifirst, and the clients wish to use passive mode data connections. I thought I could use ftp-proxy(8) to append a pass in rule to the ftp-proxy a

Re: PF and ftp: to use or not to use ftp-proxy ?

2012-06-27 Thread Stuart Henderson
On 2012-06-26, Илья Шипицин wrote: > match in inet proto tcp from any port = ftp-data to $external port > 1024:65535 rdr-to $internal port 1024:65535 You know people can choose their own source port number? It's just as safe to do "from any to $external port 1024:65535"...

Re: PF and ftp: to use or not to use ftp-proxy ?

2012-06-26 Thread Christopher Zimmermann
On Tue, 26 Jun 2012 14:51:35 +0600 Илья Шипицин wrote: > Hello! > > I managed to get ftp through PF working either without ftp-proxy ... > > match in inet proto tcp from any to $external port = ftp rdr-to > $internal port 21 > match in inet proto tcp from any port = ftp-d

PF and ftp: to use or not to use ftp-proxy ?

2012-06-26 Thread Илья Шипицин
Hello! I managed to get ftp through PF working either without ftp-proxy ... match in inet proto tcp from any to $external port = ftp rdr-to $internal port 21 match in inet proto tcp from any port = ftp-data to $external port 1024:65535 rdr-to $internal port 1024:65535 match in inet proto tcp

Re: ftp-proxy issues

2012-06-14 Thread Stuart Henderson
On 2012-06-14, James Chase wrote: > I'm just noticing that there is a binat on .217 (the ip that doesn't work) > and none on .146. Could this be the issue? Let's see. Yup. It was the binat > that was breaking it. Damn. Makes some sense I guess. Is there a way to do > this while using the binat? "

Re: ftp-proxy issues

2012-06-14 Thread James Chase
(the ip that doesn't work) and none on .146. Could this be the issue? Let's see. Yup. It was the binat that was breaking it. Damn. Makes some sense I guess. Is there a way to do this while using the binat? > > > On 14-6-2012 18:31, James Chase wrote: > > I already have 1

ftp-proxy issues

2012-06-14 Thread James Chase
I already have 1 FTP server setup to use ftp-proxy with pf and it works fine. I am trying to add a second. It seemed like this should be straightforward - just add another ftp-proxy instance connected to the proper servers and add some rules to pf.conf. This didn't work (however the firs

Re: multiple instances of ftp-proxy ?

2012-06-12 Thread Hrvoje Popovski
On 12.6.2012. 12:32, Илья Шипицин wrote: > Hello! > > is anybody running multiple instances of ftp-proxy in reverse mode? > I'd afraid of anchor "ftp-proxy/*", ftp-proxy doesn't allow to specify > anchor, also, many instances of ftp-proxy can break each others

Re: multiple instances of ftp-proxy ?

2012-06-12 Thread Vadim Zhukov
2012/6/12 Илья Шипицин : > Hello! > > is anybody running multiple instances of ftp-proxy in reverse mode? > I'd afraid of anchor "ftp-proxy/*", ftp-proxy doesn't allow to specify > anchor, also, many instances of ftp-proxy can break each others anchors. No, the

multiple instances of ftp-proxy ?

2012-06-12 Thread Илья Шипицин
Hello! is anybody running multiple instances of ftp-proxy in reverse mode? I'd afraid of anchor "ftp-proxy/*", ftp-proxy doesn't allow to specify anchor, also, many instances of ftp-proxy can break each others anchors. can somebody provide me with example of multiple ftp-pro

Re: Despite ftp-proxy anchor, pf blocks outgoing ftp connetion from Filezilla

2012-02-23 Thread Nikola Knezevic
On Tue, Feb 14, 2012 at 18:21, Stuart Henderson wrote: > Your ftp-proxy anchor is too late, move it *before* the match...nat-to rules Ah, that works, thanks! Maybe this should be mentioned in the ftp-proxy manual, too?

Re: Despite ftp-proxy anchor, pf blocks outgoing ftp connetion from Filezilla

2012-02-14 Thread Stuart Henderson
Your ftp-proxy anchor is too late, move it *before* the match...nat-to rules On 2012-02-14, Nikola Knežević wrote: > Hi, > > I'm running into a problem on a Soekris firewall I manage. It is a Soekris > net6501, running OpenBSD 5.0-stable. > On this machine, I run pf a

Despite ftp-proxy anchor, pf blocks outgoing ftp connetion from Filezilla

2012-02-14 Thread Nikola Knežević
Hi, I'm running into a problem on a Soekris firewall I manage. It is a Soekris net6501, running OpenBSD 5.0-stable. On this machine, I run pf and ftp-proxy (ftp-proxy="" in rc.conf.local). There are 4 NICs on this machine, one is for the internal traffic, one for the DMZ, on

Re: Dual WAN with ftp-proxy

2011-11-14 Thread co...@tetrachina.com
rt 21 \ divert-to 127.0.0.1 port 8021 the problem is that when divert-to 127.0.0.1 port 8021 , the ftp-proxy just can only goes through the default gateway fxp0 - WAN interface to ISP - xxx.xxx.xxx.116 . so if you don't use the ftp-proxy ,it will work for you like that: match out o

Dual WAN with ftp-proxy

2011-11-14 Thread Gerard Lally
$ext_if2 from $lan_net nat-to ($ext_if2) What I am not clear about is how to deal with FTP to head office. I have ftp-proxy running. Do I use route-to on the internal interface before FTP traffic for head office from the LAN has been re-directed to ftp-proxy ... pass in on $int_if proto tcp from

Re: pf ftp-proxy forward AND reverse (Help?)

2011-04-17 Thread Imre Oolberg
Hi! I just wanted to share that alternative to ftp-proxy clients which connect from external network to internal ftp server is just letting appropriate packets thru i.e. without doing application level proxying. For example like this where 10.0.21.254 is ftp server's external address

Re: pf ftp-proxy forward AND reverse (Help?)

2011-04-16 Thread Bill Allaire
rules and anchor for ftp-proxy(8) anchor "ftp-proxy/*" pass in on $wireless_if inet proto tcp to ($wireless_if) port 21 pass out on $int_if inet proto tcp to $ftp_server port 21 user proxy # Translate outgoing ftp control connections to send them to localhost # for proxying with f

pf ftp-proxy forward AND reverse (Help?)

2011-04-11 Thread Steven R. Gerber
Hi folks. I cannot get reverse? ftp to work from my wireless to my LAN. I seem to have no trouble going from the LAN to the internet. Any thoughts? Thanks, Steven * pf.conf: # filter rules and anchor for ftp-proxy(8) anchor "ftp-

ftp-proxy multi ISP

2011-03-16 Thread Paolo Reyes Balleza
FAICT on the load balancing setup. One ftp-proxy instance is run off rc.conf.local without any flags. Followed the FAQ on multiple routes !/sbin/route add -mpath default ... on the corresponding hostname.if files Have net.inet.ip.multipath=1 on my sysctl.conf I've been looking into the -T

4.7 and FTP-PROXY

2010-11-03 Thread R0me0 ***
Hello there, I've the follow rules: table { xxx.xxx.xxx.xxx, yyy.yyy.yyy.yyy } table { 10.1.1.1, 10.1.1.2 } ... pass in quick on $int_if proto tcp from to port 21 rdr-to lo 8021 pass in quick on $int_if proto tcp from $int_if to port 21 rdr-to lo 8021 anchor ftp-proxy/* block lo

Re: help on rewriting ftp-proxy rules for 4.7 up

2010-08-18 Thread Henning Brauer
* Peter N. M. Hansteen [2010-08-17 12:09]: > Dimitar Vassilev writes: > > > $tg_in on $ext_if inet proto udp from any to any port=syslog > > $tg_in on $ext_if from any to any flags P/FSRPAUEW > > $tg_in on $ext_if from any to any flags FPU/FSRPAUEW > > $tg_in on $ext_if from any to any flags FPU

Re: help on rewriting ftp-proxy rules for 4.7 up

2010-08-17 Thread Dimitar Vassilev
949]: 85.152.224.147: disconnected after 42673 seconds. > > Long time ago ( circa 2002-2005) i think it was a way to keep a relatively low profile from port scanners. Now days probably it doesn't really matter as the guys running the thing will not get to one easily anyway provided one k

Re: help on rewriting ftp-proxy rules for 4.7 up

2010-08-17 Thread Peter N. M. Hansteen
Dimitar Vassilev writes: > $tg_in on $ext_if inet proto udp from any to any port=syslog > $tg_in on $ext_if from any to any flags P/FSRPAUEW > $tg_in on $ext_if from any to any flags FPU/FSRPAUEW > $tg_in on $ext_if from any to any flags FPU/FPU > $tg_in on $ext_if from any to any flags /FSRA > $

Re: help on rewriting ftp-proxy rules for 4.7 up

2010-08-16 Thread Theo de Raadt
> $tg_in on $ext_if inet proto udp from any to any port=syslog if people keep doing this bullshit I will remove macros from pf.

Re: help on rewriting ftp-proxy rules for 4.7 up

2010-08-16 Thread Dimitar Vassilev
any flags S/FSRPAU $tg_in on $ext_if from any to any flags P/FSRPAU $tg_in on $ext_if from any to any flags A/A $tg_in on $ext_if from any to any flags P/P # anchor "ftp-proxy/*" pass in quick on $int_if:network proto tcp to port ftp rdr-to 127.0.0.1 port 8021 pass out on $ext_if

help on rewriting ftp-proxy rules for 4.7 up

2010-08-16 Thread Dimitar Vassilev
: Network is unreachable. Falling back to PORT instead of PASV mode. List failed. Sample from anchors and ftp-proxy # pfctl -vv -sA ftp-proxy ftp-proxy/17.11 # pfctl -vv -a ftp-proxy/17.11 -sr @0 match in log inet proto tcp from 194.186.254.27 to 91.139.244.32 port = 49677 flags S/SA keep state (max

Re: pf and ftp-proxy active/passive problems

2010-07-03 Thread umaxx
On Thu, 3 Jun 2010 23:43:29 +0300 Teemu Rinta-aho wrote: > On Jun 3, 2010, at 11:26 PM, Teemu Rinta-aho wrote: > > I call it a day. > > Or maybe not. > > Case closed. I found out that even though I followed > the instructions and inserted the required lines > to my p

Re: Multiple Internet Connections and Inbound ftp-proxy to FTP Server Behind Firewall OpenBSD 4.7

2010-06-12 Thread dontek
Forgive me; my dumba$$ somehow forgot to add the multipath routes to my hostname.if files for the two external interfaces. I'm amazed everything else was working.. Anyway, progress has been made but I'm still not 100%. [ ftp-proxy listening on localhost with rd

Re: Multiple Internet Connections and Inbound ftp-proxy to FTP Server Behind Firewall OpenBSD 4.7

2010-06-12 Thread dontek
Does anyone have inbound ftp-proxy with multiple internet connections and outbound load balancing working that can help me out? I've been banging my head against the wall for 3 days now trying every iteration of pf rules and idea that I can come up with and I just can't get the data con

Multiple Internet Connections and Inbound ftp-proxy to FTP Server Behind Firewall OpenBSD 4.7

2010-06-10 Thread dontek
e than one gateway, it is necessary to use reply-to in my pass in rules to use the same gateway the request came in on. (at least for certain services) I used this same method on my inbound redirects to the ftp-proxy, and my control connection is made, but the data connection fails. (active or passive)

Re: pf and ftp-proxy active/passive problems

2010-06-03 Thread Teemu Rinta-aho
On Jun 3, 2010, at 11:26 PM, Teemu Rinta-aho wrote: > I call it a day. Or maybe not. Case closed. I found out that even though I followed the instructions and inserted the required lines to my pf.conf as per ftp-proxy man page, they were in a wrong place. Now when _both_ the anchor and the

Re: pf and ftp-proxy active/passive problems

2010-06-03 Thread Teemu Rinta-aho
On Jun 3, 2010, at 9:28 PM, Teemu Rinta-aho wrote: > The big problem hindering further investigation is that I cannot > print out the pf rules in the "ftp-proxy/*" anchor. What is the > correct syntax? "pfctl -a "ftp-proxy/*" -sr"? That prints nothing! O

Re: pf and ftp-proxy active/passive problems

2010-06-03 Thread Teemu Rinta-aho
ny upper port on the firewall. Not very common. Right, I assumed that. > The machine behind the firewall should be able to do active and > passive because the ftp-proxy, if setup correctly, will anchor the > proper rules to allow both connection types. Yes, that I understood from man pages

Re: pf and ftp-proxy active/passive problems

2010-06-03 Thread Calomel Org
e firewall should be able to do active and passive because the ftp-proxy, if setup correctly, will anchor the proper rules to allow both connection types. For more testing you can setup the ftp-proxy daemon to log its connections to /var/log/daemon using, "/usr/sbin/ftp-proxy -D7 -v"

Re: pf and ftp-proxy active/passive problems

2010-06-02 Thread Teemu Rinta-aho
On Jun 3, 2010, at 3:51 AM, Calomel Org wrote: > Teemu, > > Are you sure the ftp server you are connecting to supports active and > passive ftp? You may want to try your test against ftp.openbsd.org. That is a very good point. I thought so as I got both modes working from different nodes, but I a

Re: pf and ftp-proxy active/passive problems

2010-06-02 Thread Calomel Org
Teemu, Are you sure the ftp server you are connecting to supports active and passive ftp? You may want to try your test against ftp.openbsd.org. This is a linux machine behind a pf firewall (openbsd v4.7) using ftp-proxy. Both active (PORT) and passive listings seem to work. $ ftp

pf and ftp-proxy active/passive problems

2010-06-02 Thread Teemu Rinta-aho
sive mode works but active doesn't (ftp client says "425 Could not open data connection to port 55476: Connection refused"). In this case ftp-proxy is not used as the firewall should be just like any other ftp client. I have updated my pf.conf as per the 4.7 upgrade instructions and

Re: ftp-proxy for outgoing connection

2010-03-12 Thread Vadim Zhukov
On 12 March 2010 c. 13:22:41 Stuart Henderson wrote: > On 2010-03-12, Vadim Zhukov wrote: > > Hm-m. I think ftp-proxy itself should be fixed instead. What if > > target FTP server is not on egress? (yes, my workaround proposal was > > bad at that too)? Dropping "on egre

Re: ftp-proxy for outgoing connection

2010-03-12 Thread Stuart Henderson
On 2010-03-12, madro...@zakweb.de wrote: > >> > it seems to me that it is in fact not possible at the moment to >> > use a ftp-client on a firewall until the current restrictio on >> > rdr-to in pfctl will be removed. Is this true? >> >> you'll need add rules to allow the connections through if yo

Re: ftp-proxy for outgoing connection

2010-03-12 Thread madro...@zakweb.de
Stuart Henderson wrote on 12 March 2010 at 11:46: > On 2010-03-12, Christopher Zimmermann wrote: > > On Fri, 12 Mar 2010 00:23:00 + (UTC) Stuart Henderson wrote: > >> > As I understand it, ftp-proxy could be used to create rules for > >> > in

Re: IPv6, ftp-proxy and PF rules

2010-03-12 Thread Mattieu Baptiste
. Redirecting to my external global address (instead of ::1) and making ftp-proxy listen on it does the trick. I don't know if adjusting the man page would be useful since I imagine the similar problem would occur with every tools requiring redirections to ::

Re: ftp-proxy for outgoing connection

2010-03-12 Thread Stuart Henderson
On 2010-03-12, Christopher Zimmermann wrote: > On Fri, 12 Mar 2010 00:23:00 + (UTC) Stuart Henderson wrote: >> > As I understand it, ftp-proxy could be used to create rules for >> > inbound and outbound connections on 4.6. Now on -current the rdr >> > keywo

Re: ftp-proxy for outgoing connection

2010-03-12 Thread Stuart Henderson
On 2010-03-12, Vadim Zhukov wrote: > Hm-m. I think ftp-proxy itself should be fixed instead. What if target > FTP server is not on egress? (yes, my workaround proposal was bad at > that too)? Dropping "on egress" will be stupid because this will > definitely allow more con

Re: ftp-proxy for outgoing connection

2010-03-12 Thread Vadim Zhukov
rent firewall is configured to block all in, block all > > > > out and allow only certain outbound connections. > > > > > > > > Now I want to allow outbound ftp connections. > > > > > > > > I read ftp-proxy(8) and > > > &

Re: ftp-proxy for outgoing connection

2010-03-11 Thread Stuart Henderson
; and allow only certain outbound connections. > > > > > > Now I want to allow outbound ftp connections. > > > > > > I read ftp-proxy(8) and > > > http://openbsd.org/faq/pf/ftp.html#client. > > > > > > As I understand it, ftp-proxy could be used

Re: ftp-proxy for outgoing connection

2010-03-11 Thread Christopher Zimmermann
want to allow outbound ftp connections. > > > > I read ftp-proxy(8) and > > http://openbsd.org/faq/pf/ftp.html#client. > > > > As I understand it, ftp-proxy could be used to create rules for > > inbound and outbound connections on 4.6. Now on -current t

Re: ftp-proxy for outgoing connection

2010-03-11 Thread Vadim Zhukov
low outbound ftp connections. > > > > I read ftp-proxy(8) and > > http://openbsd.org/faq/pf/ftp.html#client. > > > > As I understand it, ftp-proxy could be used to create rules for > > inbound and outbound connections on 4.6. Now on -current the rdr > > keywor

Re: ftp-proxy for outgoing connection

2010-03-11 Thread Stuart Henderson
On 2010-03-11, Christopher Zimmermann wrote: > Hi, > > my -current firewall is configured to block all in, block all out > and allow only certain outbound connections. > > Now I want to allow outbound ftp connections. > > I read ftp-proxy(8) and > http://openbsd

Re: IPv6, ftp-proxy and PF rules

2010-03-11 Thread Claudio Jeker
On Mon, Mar 08, 2010 at 10:36:46AM +0100, Mattieu Baptiste wrote: > Hi all, > > I have a public FTP server accessible through redirections on my > firewall via ftp-proxy (my server has a private IPv4 address on a > local subnet). > I d'like to make it accessible through my

Re: ftp-proxy for outgoing connection

2010-03-11 Thread Noah Pugsley
allow outbound ftp connections. I read ftp-proxy(8) and http://openbsd.org/faq/pf/ftp.html#client. As I understand it, ftp-proxy could be used to create rules for inbound and outbound connections on 4.6. Now on -current the rdr keyword is missing from the pf.conf syntax. Instead ftp-proxy(8

ftp-proxy for outgoing connection

2010-03-11 Thread Christopher Zimmermann
Hi, my -current firewall is configured to block all in, block all out and allow only certain outbound connections. Now I want to allow outbound ftp connections. I read ftp-proxy(8) and http://openbsd.org/faq/pf/ftp.html#client. As I understand it, ftp-proxy could be used to create rules for

Re: IPv6, ftp-proxy and PF rules

2010-03-11 Thread FRLinux
On Thu, Mar 11, 2010 at 6:45 AM, Mattieu Baptiste wrote: > correctly routed on my firewall. But as I don't want to route a giant > port range for FTP on this firewall, I intend to use ftp-proxy. But > the rdr-to rule doesn't seem to redirect packets to the ftp-proxy > p

Re: IPv6, ftp-proxy and PF rules

2010-03-10 Thread Mattieu Baptiste
tatically configured. This is working fine for HTTP/HTTPS : IPv6 packets are correctly routed on my firewall. But as I don't want to route a giant port range for FTP on this firewall, I intend to use ftp-proxy. But the rdr-to rule doesn't seem to redirect packets to the ftp-proxy process. -- Matti

Re: IPv6, ftp-proxy and PF rules

2010-03-10 Thread FRLinux
On Tue, Mar 9, 2010 at 5:02 PM, Mattieu Baptiste wrote: >> I d'like to make it accessible through my IPv6 connectivity (gif >> tunnel with hurricane electric). With this IPv6 connectivity, all my >> servers have public addresses. But I can't find a way to do it with

Re: Update: ftp-proxy and pf on OpenBSD 4.5

2010-03-10 Thread Vadim Zhukov
On 10 March 2010 c. 12:09:07 tsg12...@gmx.de wrote: > Apologies first. > > My first thought after waking up today was "I mixed IPs and IFs". > Sorry for posting that... > > Remaining question second. > > The filtering does not seem to get "populated" b

Re: Update: ftp-proxy and pf on OpenBSD 4.5

2010-03-10 Thread Scott McEachern
tsg12...@gmx.de wrote: A rule like: pass in on $client_if proto { tcp udp } from $client \ to 127.0.0.1 port ftp does not do the trick, I still have to use something like: pass in on $client_if proto { tcp udp } from $client \ to 127.0.0.1 (opening everything up for the ftp data connection myse

Update: ftp-proxy and pf on OpenBSD 4.5

2010-03-10 Thread tsg12345
Apologies first. My first thought after waking up today was "I mixed IPs and IFs". Sorry for posting that... Remaining question second. The filtering does not seem to get "populated" by ftp-proxy. A rule like: pass in on $client_if proto { tcp udp } from $client \ to 127.

ftp-proxy and pf on OpenBSD 4.5

2010-03-09 Thread tsg12345
Hi list, I was trying to set up ftp-proxy for use with a client (OpenBSD 4.6 workstation, passive ftp only) behind a firewall (4.5). I have set up pf.conf on the firewall according to pf user's guide. All ftp-proxy anchors have been put first (nat/rdr before any nat/rdr rules, filtering b

Re: IPv6, ftp-proxy and PF rules

2010-03-09 Thread Mattieu Baptiste
On Mon, Mar 8, 2010 at 10:36 AM, Mattieu Baptiste wrote: > Hi all, > > I have a public FTP server accessible through redirections on my > firewall via ftp-proxy (my server has a private IPv4 address on a > local subnet). > I d'like to make it accessible through my IPv6 con

IPv6, ftp-proxy and PF rules

2010-03-08 Thread Mattieu Baptiste
Hi all, I have a public FTP server accessible through redirections on my firewall via ftp-proxy (my server has a private IPv4 address on a local subnet). I d'like to make it accessible through my IPv6 connectivity (gif tunnel with hurricane electric). With this IPv6 connectivity, all my se

firewall / ftp-proxy problem

2010-02-08 Thread suomi
Dear Listers The installation here is OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008 On this OpenBSD we essentially have a pf firewall and an ftp Proxy running. The ftp Proxy transfers to an internal ftp server. So far, everything worked OK. Then, a fortnight ago, we started to

Re: patch ftp-proxy

2010-01-06 Thread Stuart Henderson
On 2010-01-06, Tiery DENYS wrote: > Hi, > > I would like to propose a patch for ftp-proxy. This patch implement an > option concerning specific timeout (connect_timeout). > It add an option for setting connect_timeout variable while starting > ftp-proxy (this variable is curr

Re: patch ftp-proxy

2010-01-06 Thread Tiery DENYS
ng list, I prefered asking here. But thanks :) I will make the patch simple, and propose it on tech. Thierry On Wed, Jan 6, 2010 at 1:01 PM, Remco wrote: > Tiery DENYS wrote: > > > Hi, > > > > I would like to propose a patch for ftp-proxy. This patch implement an >

Re: patch ftp-proxy

2010-01-06 Thread Remco
Tiery DENYS wrote: > Hi, > > I would like to propose a patch for ftp-proxy. This patch implement an > option concerning specific timeout (connect_timeout). > It add an option for setting connect_timeout variable while starting > ftp-proxy (this variable is currently set to 30

patch ftp-proxy

2010-01-06 Thread Tiery DENYS
Hi, I would like to propose a patch for ftp-proxy. This patch implement an option concerning specific timeout (connect_timeout). It add an option for setting connect_timeout variable while starting ftp-proxy (this variable is currently set to 30 in code). Setting this variable to another value

Re: ftp-proxy with pf tagging breaks inbound FTP data connection in -current

2009-11-14 Thread Henning Brauer
* Claudio Jeker [2009-11-13 18:19]: > > nat-to and rdr-to on pass rules are only applied if it is the last > > matching rule. for match rules they're always applied. > Maybe something like this. The result are that you need to have a > "pass tagged FTPTAG" rule after the anchor (or one rule per di

Re: ftp-proxy with pf tagging breaks inbound FTP data connection in -current

2009-11-13 Thread Bryan S. Leaman
rrent and I came across an issue that seems like a problem in the way "tagged" rules are handled. It's breaking ftp-proxy with tagging when I try to apply additional rules to the tagged packets. The result is that I can login to an FTP server but the inbound data connection seems to g

Re: ftp-proxy with pf tagging breaks inbound FTP data connection in -current

2009-11-13 Thread Claudio Jeker
> >>-current and I came across an issue that seems like a problem in the way > > >>"tagged" rules are handled. It's breaking ftp-proxy with tagging when I > > >>try to apply additional rules to the tagged packets. The result is that I > > >>

Re: ftp-proxy with pf tagging breaks inbound FTP data connection in -current

2009-11-13 Thread Henning Brauer
>>"tagged" rules are handled. It's breaking ftp-proxy with tagging when I > >>try to apply additional rules to the tagged packets. The result is that I > >>can login to an FTP server but the inbound data connection seems to get > >>lost--I don&

Re: ftp-proxy with pf tagging breaks inbound FTP data connection in -current

2009-11-13 Thread Bryan S. Leaman
Henning Brauer wrote: * Bryan S. Leaman [2009-11-13 01:12]: I'm converting a pf ruleset to work with the new nat/rdr changes in 4.6 -current and I came across an issue that seems like a problem in the way "tagged" rules are handled. It's breaking ftp-proxy with tagging
