|
|||
Ftp & pf
Now that I have almost everything working I am left with my final hurdle; FTP.
My ftp sessions freeze up after issuing the 'LIST' command, until the session times-out. FTP-Proxy command: ftp-proxy -p 8021 -R 192.168.0.101 -P 21 -D7 -v -d -a 50.x.x.x Results: #8 accepted connection from 72.38.43.86 #8 FTP session 1/100 started: client 72.38.43.86 to server 192.168.0.101 via proxy 50.x.x.x #8 server: 220 ProFTPD 1.3.5rc3 Server (Debian) [50.115.176.101]\r\n #8 client: USER bsd_matt\r\n #8 server: 331 Password required for bsd_matt\r\n #8 client: PASS password\r\n #8 server: 230 User bsd_matt logged in\r\n #8 client: SYST\r\n #8 server: 215 UNIX Type: L8\r\n #8 client: PWD\r\n #8 server: 257 "/" is the current directory\r\n #8 client: PASV\r\n #8 server: 227 Entering Passive Mode (50,x.x.x,127,143).\r\n #8 passive: client to server port 32655 via port 54291 #8 proxy: 227 Entering Passive Mode (127,0,0,1,212,19)\r\n #8 client: LIST\r\n #8 client: ABOR\r\n ************************************************** *********** pf.conf: # The name of your virtual internal NIC group ext_if = "em0" int_if = "em2" testbench_pub_ip = "50.x.x.x" testbench = "192.168.0.101" icmp_types = "{ echoreq, unreach }" pass inet proto icmp all icmp-type $icmp_types set block-policy drop set loginterface egress set loginterface em0 set loginterface em2 set limit { states 1000000, src-nodes 100000, tables 1000000, table-entries 1000000 } set skip on { lo0, $int_if } match in log all scrub (no-df) # NAT match out log on egress inet from !(egress:network) to any nat-to (egress:0) block in quick inet6 all block out quick inet6 all block in log all pass out log inet keep state pass in log on { $int_if } match out on $ext_if inet from $int_if nat-to ($ext_if) anchor "ftp-proxy/*" pass in log on $ext_if inet proto tcp to $testbench_pub_ip port ftp flags S/SAFR modulate state rdr-to 127.0.0.1 port 8021 pass out log on $int_if inet proto tcp to $testbench port 21 user proxy ************************************************** * |
Tags |
ftp ftp-proxy pf |
Thread Tools | |
Display Modes | |
|
|