DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 6th May 2008
clinty clinty is offline
New User
 
Join Date: May 2008
Posts: 3
Thanked 0 Times in 0 Posts
Default pf and ftp-proxy

Hello.

I have a machine with a pf firewall. I want *this* machine (not a machine behind this firewall) could have ftp traffic out. I don't have an internal interface. Just an external interface (sk0). I followed the FAQ page of pf and manpage. But it does not work :-(

This is my pf.conf:

Code:
ext_if="sk0"

#table <spamd-white> persist

set skip on lo

#scrub in

nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $ext_if proto tcp to port ftp -> 127.0.0.1 port 8021

anchor "ftp-proxy/*"
block in log
block out log

pass on $ext_if proto icmp
antispoof quick for { lo $ext_if }

pass in on $ext_if proto tcp to ($ext_if) port ssh
pass in on $ext_if proto tcp to ($ext_if) port smtp

pass out on $ext_if proto tcp from ($ext_if) to port ftp
pass out on $ext_if proto tcp from ($ext_if) to port smtp
pass out on $ext_if proto tcp from ($ext_if) to port domain
pass out on $ext_if proto udp from ($ext_if) to port domain
I have ftp-proxy launched:

Code:
2610 ??  Is      0:00.01 /usr/sbin/ftp-proxy -r
Unfortunaly, ftp traffic does not work. I have to have a default "pass out" in pf rules for it works.
Does I forgot something ?

Thanks for all helps.

Regards,
Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ftp-proxy in openbsd brody OpenBSD General 2 20th October 2008 04:18 PM
FTP-Proxy cannot connect plexter OpenBSD Packages and Ports 6 11th October 2008 05:59 PM
Tunnel to Proxy PatrickBaer General software and network 2 11th August 2008 03:32 PM
proxy : replace gif with local gif milo974 OpenBSD General 4 17th July 2008 06:45 AM
ftp-proxy on transparent bridge mswall OpenBSD Security 4 7th July 2008 01:30 PM


All times are GMT. The time now is 04:27 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick