On 2012-06-26, Илья Шипицин wrote:
> match in inet proto tcp from any port = ftp-data to $external port
> 1024:65535 rdr-to $internal port 1024:65535
You know people can choose their own source port number?
It's just as safe to do "from any to $external port 1024:65535"...
On Tue, 26 Jun 2012 14:51:35 +0600
Илья Шипицин wrote:
> Hello!
>
> I managed to get ftp through PF working either without ftp-proxy ...
>
> match in inet proto tcp from any to $external port = ftp rdr-to
> $internal port 21
> match in inet proto tcp from any port = ftp-data to $external port
> 1
Hello!
I managed to get ftp through PF working either without ftp-proxy ...
match in inet proto tcp from any to $external port = ftp rdr-to $internal
port 21
match in inet proto tcp from any port = ftp-data to $external port
1024:65535 rdr-to $internal port 1024:65535
match in inet proto tcp from
On Thu, 3 Jun 2010 23:43:29 +0300
Teemu Rinta-aho wrote:
> On Jun 3, 2010, at 11:26 PM, Teemu Rinta-aho wrote:
> > I call it a day.
>
> Or maybe not.
>
> Case closed. I found out that even though I followed
> the instructions and inserted the required lines
> to my pf.conf as per ftp-proxy man pa
On Jun 3, 2010, at 11:26 PM, Teemu Rinta-aho wrote:
> I call it a day.
Or maybe not.
Case closed. I found out that even though I followed
the instructions and inserted the required lines
to my pf.conf as per ftp-proxy man page, they were in
a wrong place. Now when _both_ the anchor and the ftp
po
On Jun 3, 2010, at 9:28 PM, Teemu Rinta-aho wrote:
> The big problem hindering further investigation is that I cannot
> print out the pf rules in the "ftp-proxy/*" anchor. What is the
> correct syntax? "pfctl -a "ftp-proxy/*" -sr"? That prints nothing!
OK I figured the syntax out by trial-and-erro
this:
anchor "*" all {
pfctl: DIOCGETRULES: Invalid argument
}
I think I need to figure that out before spending my (our) time
on anything else.
> BTW, we have examples of Pf and ftp-proxy on our site; see signature.
Yes I have already found it some time ago. Very helpful. Thank yo
ge on the machine behind the firewall.
Once you have a reliable set of test responses you should have a
better idea of where the problem is.
Make sense?
BTW, we have examples of Pf and ftp-proxy on our site; see signature.
I checked out your pf.conf. If you have time you may want to try
putting y
On Jun 3, 2010, at 3:51 AM, Calomel Org wrote:
> Teemu,
>
> Are you sure the ftp server you are connecting to supports active and
> passive ftp? You may want to try your test against ftp.openbsd.org.
That is a very good point. I thought so as I got both modes working
from different nodes, but I a
Teemu,
Are you sure the ftp server you are connecting to supports active and
passive ftp? You may want to try your test against ftp.openbsd.org.
This is a linux machine behind a pf firewall (openbsd v4.7) using
ftp-proxy. Both active (PORT) and passive listings seem to work.
$ ftp ftp.openbsd.org
Hi all,
(First, sorry if you receive this e-mail multiple times,
I changed my smtp server as the first one doesn't seem
to get mails to this list.)
my firewall (OpenBSD 4.7) is running packet filter with NAT
and tcp-proxy to provide FTP for hosts in the network behind
the firewall/NAT.
The probl
Hi folks,
I'm having a bad time doing a setup that is a little complex. I do have
2 ADSL links, both working. And I have a DMZ and a LAN. The setup is this:
LAN net: 10.0.0.0/24
DMZ net: 10.1.1.0/24
LINK#1 NET: 192.168.200.0/24 LINK#1 IP: 192.168.200.1 LINK#1 GATEWAY:
192.168.200.254
LIN
On Mon, Feb 27, 2006 at 03:40:17PM +0100, vladimir plotnikov wrote:
> Hello!
>
> Sorry for stupid question.
> part of pf.conf:
>
> pass in on $ext_if proto tcp from any to any port 21 keep state
> pass in on $ext_if proto tcp from any to any port > 49151 keep state
> ...
> block return-rst i
Sorry, of course, this line exists in my config:
@4 pass in quick inet proto tcp from any to my.ip.address.com port =
ftp-data keep state
[ Skip steps: i=44 d=50 f=44 p=44 sa=end sp=end da=12 ]
[ queue: qname= qid=0 pqname= pqid=0 ]
On 2/27/06, edgarz <[EMAIL PROTECTED]> wrote:
> hi!
> you for
hi!
you forgot port 20 (ftp-data)
vladimir plotnikov wrote:
Hello!
Sorry for stupid question.
part of pf.conf:
pass in on $ext_if proto tcp from any to any port 21 keep state
pass in on $ext_if proto tcp from any to any port > 49151 keep state
...
block return-rst in log on $ext_if proto
Hello!
Sorry for stupid question.
part of pf.conf:
pass in on $ext_if proto tcp from any to any port 21 keep state
pass in on $ext_if proto tcp from any to any port > 49151 keep state
...
block return-rst in log on $ext_if proto tcp all
Part of log file:
Feb 27 14:56:46.142988 rule 59/(mat
On 2006-02-18 16:12:39 -0500, David Higgs wrote:
> Any further ideas?
Check the example. It uses ftp-proxy(8)
Best
Martin
PS: http://en.wikipedia.org/wiki/Top-posting
--
http://www.tm.oneiros.de
On 2006/02/18 16:12, David Higgs wrote:
> The problem is that with passive mode, the client is actively
> attempting to connect to the server. Port numbers on either end
> cannot be predicted
Well, that depends somewhat on your ftp server. Most modern ones allow
you to restrict the range of ports
I'm beginning to wonder if I'm being dense and missing something
brutally simple. I've looked at the pf FAQ, paid special attention
to the FTP section, and even used identical configuration without
success.
The problem is that with passive mode, the client is actively
attempting to connect to th
David Higgs wrote:
After reading the man pages for pf.conf and ftp-proxy, it's not 100%
clear to me how I should go about supporting ftp. I have a basic
2-nic obsd box doing nat for my internal network, and run ftp-proxy
with the -n flag. The relevant portions of my pf.conf are shown
below:
After reading the man pages for pf.conf and ftp-proxy, it's not 100%
clear to me how I should go about supporting ftp. I have a basic
2-nic obsd box doing nat for my internal network, and run ftp-proxy
with the -n flag. The relevant portions of my pf.conf are shown
below:
set skip on lo0
nat on
21 matches