
Re: FTP clients behind PF can connect to ftp servers but cannot list files why?



If you have a little bit more complex setup, I found that FTP Sesame
(google ftpsesame) worked a charm. ftp-proxy wasn't able to handle two
way active and passive connections in my setup but ftpsesame has been
going great guns. Handles several hundred inbound and several thousand
outbound ftp connections a day.
Andrew
 --- Mipam <[email protected]> wrote: 
> On Wed, 29 Sep 2004, Siju George wrote:
> 
> > hi all,
> > 
> > I configured OpenBSD 3.5 PF as said in the FAQ.
> > 
> > For the clients behind my PF firewall to access ftp servers I put this
> > line in the pf.conf file
> > 
> > rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1:8021
> > 
> > I also have the following line uncommented from /etc/inetd.conf
> > 
> > 127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy
> > 
> > Now the FTP clients behind the PF firewall cant connect to the ftp
> > servers on the internet username is authenticated successfully, but
> > listing of files is not possible.
> > 
> > It is not a problem with user permission because if I FTP from the
> > OpenBSD firewall itself as the same user to the same FTP server I am
> > able to list the files.
> > 
> > I'll paste the output of ftp commands issued from both OpenBSD and a
> > client behind OpenBSD below. Domain names and user names are replaced
> > with "aaaaa " for the sake of security.
> > 
> > Could someone please point out the trouble?
> 
> Are you doing nat as well?
> You could try:
> 
> 127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -n
> 
> And do you have a rule like:
> 
> pass in on $ext_if inet proto tcp from any to $ext_if \
> user proxy keep state 
> 
> It worked for me.
> Bye,
> 
> Mipam.
>  