Right, so I've enabled the ftp-proxy service, which I've checked using netstat -ap tcp, and it's up!
Code:
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 0 localhost.8021 *.* LISTEN
However, how can I check that things are working properly? The Foreign Address field keeps saying listen and that's it.
This is my pf.conf file now:
Code:
#macros
int_if="em1"
tcp_services="{ 22 }"
icmp_types="echoreq"
imap_box="10.0.0.9"
http_box="10.0.0.8"
#options
set block-policy return
set loginterface em0
set skip on "{ lo, em1 }"
# Proxy rules
#anchor "http-proxy/*"
#pass in quick on $int_if inet proto tcp to any port http \
# divert-to 172.16.8.40 port 3128
pass in quick on $int_if inet proto tcp to any port ftp \
divert-to 127.0.0.1 port 8021
#match rules
#match out on egress inet from !(egress) to any nat-to (egress:0)
match out on em0 from 10.0.0.0/24 to any nat-to 172.16.8.13
#filter rules
block in log
pass out quick
pass out quick on em0 from 10.0.0.0/24 to any nat-to 172.16.8.13
#pass out on em0 from 10.0.0.0/24 to any nat-to 172.16.8.13
antispoof quick for { lo, em1 }
pass in quick on egress inet proto tcp from any to (egress) port $tcp_services
#pass in quick on egress inet proto tcp to (egress) port 143 rdr-to $imap_box synproxy state
pass in quick on em0 inet proto tcp to port 143 rdr-to $imap_box synproxy state
#pass in quick on em1 inet proto tcp to port 143 rdr-to $imap_box synproxy state
#pass in out on em0 inet proto tcp to port 143 rdr-to $imap_box synproxy state
#pass on em0 from any to $imap_box binat-to em0
pass on em1 from $imap_box to any binat-to em0
pass in quick on egress inet proto tcp to (egress) port 80 rdr-to $http_box synproxy state
block in on egress inet proto icmp all icmp-type $icmp_types
pass in quick on $int_if
#pass out on em0 from 10.0.0.0/24 to any nat-to 172.16.8.13
On the FreeBSD host that I'm trying to use ports to install software with, I am doing this:
Code:
setenv http_proxy http://172.16.8.40:3128
setenv ftp_proxy ftp://172.16.8.40:3128
setenv https_proxy https://172.16.8.40:3128
That proxy address/port combo is what I'm using outside of my OpenBSD router, as internet access is restricted!
pfctl -ss shows:
Code:
# pfctl -ss
all tcp 10.0.0.1:22 <- 10.0.0.10:53250 ESTABLISHED:ESTABLISHED
all tcp 10.0.0.9:143 (172.16.8.13:143) <- 172.16.8.12:55195 ESTABLISHED:ESTABLISHED
all tcp 172.16.8.12:55195 -> 10.0.0.9:143 ESTABLISHED:ESTABLISHED
all tcp 10.0.0.9:143 (172.16.8.13:143) <- 172.16.8.12:55210 ESTABLISHED:ESTABLISHED
all tcp 172.16.8.12:55210 -> 10.0.0.9:143 ESTABLISHED:ESTABLISHED
all tcp 10.0.0.9:143 (172.16.8.13:143) <- 172.16.8.12:55211 ESTABLISHED:ESTABLISHED
all tcp 172.16.8.12:55211 -> 10.0.0.9:143 ESTABLISHED:ESTABLISHED
all tcp 10.0.0.1:22 <- 10.0.0.10:53307 ESTABLISHED:ESTABLISHED
all tcp 172.16.8.40:3128 <- 10.0.0.5:58513 ESTABLISHED:ESTABLISHED
all tcp 172.16.8.13:52735 (10.0.0.5:58513) -> 172.16.8.40:3128 ESTABLISHED:ESTABLISHED
but I am still unable to download anything from ftp://ftp.freebsd.org
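An added example, not part of the original post: a small shell/awk helper that counts `pfctl -ss` states by destination port, so it is visible whether any state targets FTP control (port 21, the `port ftp` in the rule) or the ftp-proxy listener (8021). The function names are hypothetical and the sample input is the state table pasted above; on that input it reports two states to port 3128 and none to 21 or 8021.

```shell
#!/bin/sh
# Added example. SAMPLE_STATES is the `pfctl -ss` output pasted in the post;
# on the router, pipe real `pfctl -ss` output into the functions instead.
# Assumption: IPv4 "addr:port" endpoints only, as in the pasted output.
SAMPLE_STATES='all tcp 10.0.0.1:22 <- 10.0.0.10:53250 ESTABLISHED:ESTABLISHED
all tcp 10.0.0.9:143 (172.16.8.13:143) <- 172.16.8.12:55195 ESTABLISHED:ESTABLISHED
all tcp 172.16.8.12:55195 -> 10.0.0.9:143 ESTABLISHED:ESTABLISHED
all tcp 10.0.0.9:143 (172.16.8.13:143) <- 172.16.8.12:55210 ESTABLISHED:ESTABLISHED
all tcp 172.16.8.12:55210 -> 10.0.0.9:143 ESTABLISHED:ESTABLISHED
all tcp 10.0.0.9:143 (172.16.8.13:143) <- 172.16.8.12:55211 ESTABLISHED:ESTABLISHED
all tcp 172.16.8.12:55211 -> 10.0.0.9:143 ESTABLISHED:ESTABLISHED
all tcp 10.0.0.1:22 <- 10.0.0.10:53307 ESTABLISHED:ESTABLISHED
all tcp 172.16.8.40:3128 <- 10.0.0.5:58513 ESTABLISHED:ESTABLISHED
all tcp 172.16.8.13:52735 (10.0.0.5:58513) -> 172.16.8.40:3128 ESTABLISHED:ESTABLISHED'

# states_to_port PORT: read state lines on stdin, print how many have PORT as
# destination port. In "A <- B" the destination is A (field 3); in "A -> B"
# it is B (the field after the arrow). Lines without an arrow are ignored.
states_to_port() {
    awk -v want="$1" '
    {
        arrow = 0
        for (i = 1; i <= NF; i++)
            if ($i == "<-" || $i == "->") { arrow = i; break }
        if (!arrow) next
        dest = ($arrow == "<-") ? $3 : $(arrow + 1)
        n = split(dest, part, ":")
        if (part[n] == want) hits++
    }
    END { print hits + 0 }'
}

# ftp_states_seen: succeed if any state targets FTP control (21) or the
# ftp-proxy listener port shown in the netstat output (8021).
ftp_states_seen() {
    input=$(cat)
    ftp=$(printf '%s\n' "$input" | states_to_port 21)
    proxy=$(printf '%s\n' "$input" | states_to_port 8021)
    [ $((ftp + proxy)) -gt 0 ]
}

# Stand-alone run over the constructed sample.
for p in 21 8021 3128; do
    echo "states to port $p: $(printf '%s\n' "$SAMPLE_STATES" | states_to_port "$p")"
done
```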