Hi,
Yes, my comment was about internal connections to external servers.
Dave.

----- Original Message ----- From: "Jonathan Gonzalez" <[EMAIL PROTECTED]>
To: <support@pfsense.com>
Sent: Monday, October 10, 2005 10:59 AM
Subject: Re: [pfSense Support] passive ftp


Hi Dave [hi all],

When I said passive FTP, I was thinking of allowing passive FTP to work
from external clients to my server, which is hosted behind pfSense.

I understand that your comment only applies to internal-to-external
connections, doesn't it?

TIA,
Rgds,

jonathan



On 10/10/05, Dave <[EMAIL PROTECTED]> wrote:
Hi,
I've got passive FTP going; here are the relevant rules. I'm trying to get
active working and that is not.
Thanks.
Dave.

rules
ext_if = "rl0"
int_if = "xl0"
int_net="$int_if:network"
tcp_state="flags S/SA modulate state"
# translate lan client addresses to that of the external interface
nat on $ext_if from $int_if:network to any -> ($ext_if)
# Redirect lan client FTP requests (to an FTP server's control port 21)
# to the ftp-proxy running on the firewall host (via inetd on port 8021)
rdr on $int_if inet proto tcp from $int_net to any port 21 -> 127.0.0.1 port 8021

# block by default
block log all

# pass all loopback traffic
pass quick on lo0 all

# Allow remote FTP servers (on data port 20) to respond to the proxy's
# active FTP requests by contacting it on the port range specified in
# inetd.conf
pass in quick on $ext_if inet proto tcp from any port 20 to 127.0.0.1 port 55000 >< 57000 user proxy $tcp_state

# Allow ftp-proxy packets destined to port 20 to exit $ext_if
# in order to maintain communications with the ftp server
pass out quick on $ext_if inet proto tcp from $ext_if to any port 20 $tcp_state

# Allow firewall to contact ftp server on behalf of passive ftp client
pass out quick on $ext_if inet proto tcp from $ext_if port 55000:57000 to any user proxy $tcp_state

# allow ftp connections from lan to proxy
pass in quick on $int_if inet proto tcp from $int_net to lo0 port 8021 $tcp_state
pass in quick on $int_if inet proto tcp from $int_net to $ext_if port 55000:57000 $tcp_state



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


