6th May 2008
clinty
pf and ftp-proxy

Hello.

I have a machine with a pf firewall. I want *this* machine (not a machine behind this firewall) to be able to send FTP traffic out. I don't have an internal interface, just an external interface (sk0). I followed the pf FAQ page and the man page, but it does not work :-(

This is my pf.conf:

Code:
ext_if="sk0"

#table <spamd-white> persist

set skip on lo

#scrub in

nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $ext_if proto tcp to port ftp -> 127.0.0.1 port 8021

anchor "ftp-proxy/*"
block in log
block out log

pass on $ext_if proto icmp
antispoof quick for { lo $ext_if }

pass in on $ext_if proto tcp to ($ext_if) port ssh
pass in on $ext_if proto tcp to ($ext_if) port smtp

pass out on $ext_if proto tcp from ($ext_if) to port ftp
pass out on $ext_if proto tcp from ($ext_if) to port smtp
pass out on $ext_if proto tcp from ($ext_if) to port domain
pass out on $ext_if proto udp from ($ext_if) to port domain

I have ftp-proxy launched:

Code:
2610 ??  Is      0:00.01 /usr/sbin/ftp-proxy -r

Unfortunately, FTP traffic does not work. I have to have a default "pass out" in the pf rules for it to work.
Did I forget something?

Thanks for any help.

Regards,