Hello,
I'm trying to log FTP connexions coming from WAN to a FTP server through my PF which have ftp-proxy set on.
FTP connexions are all ruled like this :
Code:
rdr pass on $ext_if proto tcp from <adminssh> to $crt_lr port 21 -> 127.0.0.1 po
rt 8021
My rule which is the last logging rule looks like this :
Code:
pass in log on $ext_if proto tcp from any port 21 to <filtre_ftp> label filtreftp
In my table <filtreftp> I have multiple FTP server IP addresses.
I launch a pflogd with this way :
Code:
pflogd -s 116 -i pflog0 -f /var/log/pflog.ftp ruleset filtreftp
And then to check my rule I do a tcpdump :
Code:
tcpdump -ttt -e -r /var/log/pflog.ftp
My problem is that nothing is logged (or not what I want). I tried so many ways but it is impossible to log FTP connexions. I tried with success to log SSH and RDP connexions. So I think ftp-proxy may be the cause of my troubles.
Am I right?
I'm not very familiar with PF (2 weeks practicing).
Forgive me if I made some English error or if I'm not very clear.
Thanks.