DaemonForums  

20th November 2008
milo974

ftp-server behind pf/nat

Hello,

At work:
internet-->cisco modem router-->OpenBSD4.3 with PF/NAT-->servers

Internet IP address is fixed: 193.253.XXX.XXX
OpenBSD Gateway : 192.168.0.73(rl0) / 192.168.1.73 (fxp0)
Modem Router : 192.168.1.254
ftp-server : 192.168.0.88 (windows server 2003,iis)

Ports 21 and 20 are open on the Cisco modem router (forwarded to the OpenBSD gateway).
On the OpenBSD machine:
- added in rc.conf.local:
ftpproxy_flags="-R 192.168.0.88 -p 21 -b 192.168.0.73"

- added these lines in my pf.conf (my block policy: block in log on ext_if):
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on egress proto tcp from any to port 21 -> $ftp-server
rdr on egress proto tcp from any to port 20 -> $ftp-server
pass in quick on egress proto tcp to $ftp-server \
port 21
pass in quick on egress proto tcp to $ftp-server \
port 20

At home, I can't access the FTP server, in active mode or in passive mode (it returns 192.168.0.88 to me). Can someone help me, please?

Last edited by milo974; 20th November 2008 at 04:37 PM. Reason: more precision