Hi,
Yes, my comment was about internal connections to external servers.
Dave.
----- Original Message -----
From: "Jonathan Gonzalez" <[EMAIL PROTECTED]>
To: <support@pfsense.com>
Sent: Monday, October 10, 2005 10:59 AM
Subject: Re: [pfSense Support] passive ftp
Hi Dave [hi all],
When I said passive FTP, I was thinking of allowing passive FTP to work
from external clients to my server, which is hosted behind pfSense.
I understand that your comment only applies to internal-to-external
connections, doesn't it?
TIA,
Rgds,
jonathan
On 10/10/05, Dave <[EMAIL PROTECTED]> wrote:
Hi,
I've got passive FTP going; here are the relevant rules. I'm trying to get
active working and that is not.
Thanks.
Dave.
rules
ext_if = "rl0"
int_if = "xl0"
int_net="$int_if:network"
tcp_state="flags S/SA modulate state"
# translate lan client addresses to that of the external interface
nat on $ext_if from $int_if:network to any -> ($ext_if)
# Redirect lan client FTP requests (to an FTP server's control port 21)
# to the ftp-proxy running on the firewall host (via inetd on port 8021)
rdr on $int_if inet proto tcp from $int_net to any port 21 -> 127.0.0.1 port 8021
# block by default
block log all
# pass all loopback traffic
pass quick on lo0 all
# Allow remote FTP servers (on data port 20) to respond to the proxy's
# active FTP requests by contacting it on the port range specified in inetd.conf
pass in quick on $ext_if inet proto tcp from any port 20 to 127.0.0.1 port 55000 >< 57000 user proxy $tcp_state
# Allow ftp-proxy packets destined to port 20 to exit $ext_if
# in order to maintain communications with the ftp server
pass out quick on $ext_if inet proto tcp from $ext_if to any port 20 $tcp_state
# Allow firewall to contact ftp server on behalf of passive ftp client
pass out quick on $ext_if inet proto tcp from $ext_if port 55000:57000 to any user proxy $tcp_state
# allow ftp connections from lan to proxy
pass in quick on $int_if inet proto tcp from $int_net to lo0 port 8021 $tcp_state
pass in quick on $int_if inet proto tcp from $int_net to $ext_if port 55000:57000 $tcp_state
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]