Old 22nd July 2008
J65nko
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128

Due to the way ftp-proxy works, you cannot use ftp on the router itself. Ftp traffic passing through the internal router interface is redirected to ftp-proxy for handling. Ftp connections originated from the router itself go out directly through the external interface, thus bypassing ftp-proxy.

If you want to use ftp on the router, you could create an anchor and temporarily attach two rules to it:
  1. pass out tcp traffic originating from the external public address with destination port 21

    This rule will handle the ftp command channel

  2. pass out tcp traffic originating from the external public address to any IP address with destination ports >1023

    This rule will take care of the ftp data channel connections (for passive ftp)
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
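
The anchor approach described in the post above, as an added example that is not part of the original post. It assumes pf.conf already contains the line `anchor "ftp-self"`; the anchor name, the interface `em0` and the address `192.0.2.1` used in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumption: pf.conf contains   anchor "ftp-self"
# The anchor name "ftp-self" is hypothetical; use your own.
ANCHOR="ftp-self"

# Accept only characters that can appear in an interface name or IP address,
# so an argument can never smuggle an extra rule into the anchor.
valid_token() {
    case $1 in
        ''|*[!A-Za-z0-9.:_]*) return 1 ;;
    esac
}

# Print the two temporary rules for <ext_if> <ext_addr>.
ftp_self_rules() {
    valid_token "$1" && valid_token "$2" || {
        echo "usage: enable <ext_if> <ext_addr>" >&2
        return 1
    }
    # Rule 1: ftp command channel (destination port 21).
    # "keep state" is written out so the replies are allowed back in.
    printf 'pass out on %s inet proto tcp from %s to any port 21 keep state\n' "$1" "$2"
    # Rule 2: passive-mode data channel (destination ports > 1023).
    printf 'pass out on %s inet proto tcp from %s to any port > 1023 keep state\n' "$1" "$2"
}

# Load the rules into the anchor only; the main ruleset is not touched.
ftp_self_enable() {
    rules=$(ftp_self_rules "$1" "$2") || return 1
    printf '%s\n' "$rules" | pfctl -a "$ANCHOR" -f -
}

# Empty the anchor again once the ftp session is finished.
ftp_self_disable() { pfctl -a "$ANCHOR" -F rules; }

# List what is currently attached to the anchor.
ftp_self_show() { pfctl -a "$ANCHOR" -s rules; }

# Usage: sh ftp-self.sh enable em0 192.0.2.1 | show | disable
case "${1:-}" in
    enable)  ftp_self_enable "${2:-}" "${3:-}" ;;
    disable) ftp_self_disable ;;
    show)    ftp_self_show ;;
esac
```

Rule 2 allows the router to open connections to every high port on any host, so run `disable` as soon as the transfer is done and confirm with `show` that the anchor is empty.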