Thread: Ftp & pf
12th December 2013
bsd_matt

PF.conf:

ext_ip = "50.115.x.x"
ftp_ip = "192.168.0.101"
match out on $ext_if inet from $int_if nat-to ($ext_if)
anchor "ftp-proxy/*"
pass in on $ext_if inet proto tcp to $ext_ip port { ftp, ftp-data } divert-to 127.0.0.1 port 8022
pass out on $int_if inet proto tcp to $ftp_ip port { ftp, ftp-data } user proxy
=======================================================
ftp-proxy:
ftp-proxy -d -D7 -v -p 8022 -R 192.168.0.101 -P 21

This results in the same situation.
As soon as I get this working I have 10 other ftp servers I need to allow through. An old OBSD v4.8 box currently works with these settings:

old pf.conf:

pass in log on $ext_if proto { tcp, udp } from any to 38.x.x.x port { ftp ftp-data } rdr-to $upload_ip
.
.
pass in log on $ext_if inet proto tcp from any to $server_1 port ftp flags S/SAFR modulate state rdr-to 127.0.0.1 port 8022
pass in log on $ext_if inet proto tcp from any to $upload_ip port ftp flags S/SAFR modulate state rdr-to 127.0.0.1 port 8023
pass in log on $ext_if inet proto tcp from any to $server_2 port ftp flags S/SAFR modulate state rdr-to 127.0.0.1 port 8024

and ftp-proxy:
/usr/sbin/ftp-proxy -p 8022 -R 192.168.0.226 -P 21
/usr/sbin/ftp-proxy -p 8023 -R 192.168.0.152 -P 21
/usr/sbin/ftp-proxy -p 8024 -R 192.168.0.111 -P 21
############################
What I fail to understand is how/why the old gateway works fine but the new settings do not.

Last edited by bsd_matt; 12th December 2013 at 04:18 PM.