
Re: FTP clients behind PF can connect to ftp serves but cannot listfiles why?



On Wed, 29 Sep 2004, Siju George wrote:
> hi all,
> 
> I configured OpenBSD 3.5 PF as said in the FAQ.
> 
> For the clients behind my PF firewall to access ftp servers I put this
> line in the pf.conf file
> 
> rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1:8021
> 
> I also have the following line uncommented from /etc/inetd.conf
> 
> 127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy
> 
> Now the FTP clients behind the PF firewall cant connect to the ftp
> servers on the internet username is authenticated successfully. but
> listing of files is not possible.
> 
> It is not a problem with user permission because if I FTP from the
> OpenBSD firewall itself as the same user to the same FTP server I am
> able to list the files.
> 
> I'll paste the output of ftp commands issued from both OpenBSD and a
> client behind OpenBSD below. Domain names and user names are replaced
> with "aaaaa " for the sake of security.
> 
> Could someone please point out the trouble?

Are you doing NAT as well?
You could try:

127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -n

And do you have a rule like:

pass in on $ext_if inet proto tcp from any to $ext_if \
    user proxy keep state

It worked for me.

Bye,
Mipam.