Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 23rd December 2011
mikygee mikygee is offline
Port Guard
Join Date: Oct 2011
Posts: 15
Default Openbsd 4.9 ftp as a client


I'm trying to write rules to let the ftp go out. My OpenBSD acts as a client and pf is located on that same machine. There is no other filtering.
I use OpenBSD 4.9 and the syntax differs from one version to another (betwen 4.8 and 5.0).

I've done these actions

I've started ftp-proxy
PHP Code:
# ftp-proxy -dv
# ps aux | grep ftp
proxy    16931  0.0  0.0   356   896 ??  Is    Wed11PM    0:00.04 /usr/sbin/ftp-proxy 

I've added those rules in pf.conf
PHP Code:
anchor "ftp-proxy/*"
pass out proto tcp from any to any port ftp
pass in quick proto tcp to port ftp rdr
-to port 8021 
The forwarding is enabled
PHP Code:
# sysctl net.inet.ip.forwarding

I've reloaded the rules
PHP Code:
# pfctl -f /etc/pf.conf 
And it doesn't work

The control channel works but as soon as I start the data channel it doesn't (for example ls in ftp)
PHP Code:
# tcpdump -n -e -ttt -i pflog0
Dec 23 23:19:59.472942 rule 0/(matchblock out on re0192. 839425086:839425086(0win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 45926882[|tcp]> (DF
In the ftp-proxy -dv (I did not deamonized it) I see nothing. I think the flow is not properly passed to the daemon.
And this rule do not match
PHP Code:
pass in quick proto tcp to port ftp rdr-to port 8021 
because the flow is gererated locally and not from the lan

Does anyone have an idea ?
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Which mail client do you use? guitarscn Off-Topic 17 11th November 2010 03:12 PM
OBSD client hangs mounting NFS; Linux client doesn't amorphousone OpenBSD General 7 26th August 2010 05:21 AM
Server-Client c0mrade Programming 3 18th March 2009 05:22 PM
IM Client schrodinger OpenBSD Packages and Ports 6 16th September 2008 02:09 PM
DDNS Client revzalot OpenBSD Installation and Upgrading 3 12th August 2008 02:21 AM

All times are GMT. The time now is 08:45 PM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick