DaemonForums  

#1 hitete, 25th November 2008
FTP ruleset questions

Hi,

I'm having difficulties with my FTP ruleset.

I'm using ftp-proxy on OpenBSD for CLIENT FTP access from my LAN to the Internet.
Transparent rdr to port 8021 on localhost for all addresses on the LAN.

I want to add rules in order for my new FTP server to be accessed via the Internet.

How can I do that?


Thanks

#2 jggimi, 25th November 2008

Without more information, any answer is a guess. We aren't mind readers.

Let us pretend that you wish to use an FTP server on your local LAN, and currently have the following configuration:
/etc/pf.conf:
Code:
.
.
.
nat-anchor "ftp-proxy/*"
.
.
.
rdr-anchor "ftp-proxy/*"
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
.
.
anchor "ftp-proxy/*"
.
.
/etc/rc.conf.local:
Code:
.
.
.
ftpproxy_flags=""
.
.
The easiest way to add an FTP server on the local network is to add a second instance of ftp-proxy, using a different port number.

You cannot add a second instance through /etc/rc.conf or /etc/rc.conf.local, as these just set variables for /etc/rc. Add the second instance in /etc/rc.local, instead.

Your first instance (set up via /etc/rc.conf.local) listens, by default, to the loopback interface port 8021.

The instance you script in /etc/rc.local will listen on port 21, and route the output to the appropriate FTP server on your LAN.

Here's an example (in /etc/rc.local) that listens on an external interface on the 192 network and routes traffic to the server on the 10 network:
Code:
.
.
.
ftp-proxy -R 10.10.10.1 -p 21 -b 192.168.0.1
.
.
I leave the pf.conf changes to you.

Last edited by jggimi; 25th November 2008 at 04:09 PM. Reason: clarification
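
The pf.conf side that the post above leaves to the reader, as an added example that is not part of the original thread. It uses the pre-4.7 pf syntax of the thread's `nat-anchor`/`rdr-anchor` lines; the interface names, the macro names, the default-deny rule and the `proxy` account name are assumptions, and the two addresses are the ones from the rc.local example.

```pf
# Added example, not from the thread. Names marked "assumed" are placeholders.
ext_if = "em0"            # assumed name of the external interface
int_if = "em1"            # assumed name of the LAN interface
ext_ip = "192.168.0.1"    # address the reverse ftp-proxy binds to (-b)
ftp_ip = "10.10.10.1"     # FTP server on the LAN (-R)

# Translation section: both ftp-proxy instances insert their
# per-session rules under these same anchors.
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
# Outbound LAN clients only. Keeping this rdr on $int_if means inbound
# connections to $ext_ip port 21 reach the reverse instance directly
# instead of being redirected to the loopback instance on port 8021.
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

# Filter section.
block in on $ext_if all   # assumed default-deny policy on the external side
anchor "ftp-proxy/*"
# Control connection from the Internet to the reverse proxy.
pass in on $ext_if inet proto tcp to $ext_ip port 21 flags S/SA keep state
# The proxy's own connection to the server. "user proxy" restricts the
# rule to sockets owned by the ftp-proxy account (name assumed; check
# ftp-proxy(8) on your release), so other local processes cannot use it.
pass out on $int_if inet proto tcp to $ftp_ip port 21 user proxy flags S/SA keep state
```

Data connections need no static rules here: each ftp-proxy instance adds them under the anchors for the lifetime of a session. `pfctl -nf /etc/pf.conf` parses the file without loading it.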

#3 hitete, 25th November 2008

OK, that's very clear.
No problem for the rules, I'll take care of them.
Thanks loads!
I'll let you know once it's all taken care of.

Best regards.