Subject: Re: pf and ftp-proxy
To: None <netbsd-users@netbsd.org>
From: Patrick Welche <prlw1@newn.cam.ac.uk>
List: netbsd-users
Date: 07/15/2005 00:04:23
On Thu, Jul 14, 2005 at 10:54:54PM +0100, Patrick Welche wrote:
> On Thu, Jul 14, 2005 at 11:27:49PM +0200, scalopus wrote:
> > Hi,
> > i am not sure if you have modified inetd, but you need to have
> > the ftp-proxy daemon running if you want to use it in the pf.
> > Add the following line to inetd.conf:
> >
> > 127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy
>
> Unfortunately I already have, that is why the ftp-proxy wrote the
> debug message. The fun since then is that of course the NetBSD ftp
> client seems to work no matter what (with or without -A), so I use
> the microsoft client, whose connection gets blocked by the antivirus
> software(!) and the xp firewall. After all that I have a working setup
> on the magic laptop, with a windows 95 client, but not on the desktop.
> This is the same desktop for which ipf didn't work, and the same laptop
> for which ipf did work. (What does Feature mask: 0x10a in ipf -V mean?)
> (http://mail-index.netbsd.org/current-users/2005/07/07/0010.html
> http://mail-index.netbsd.org/current-users/2005/07/08/0007.html)
The only difference I can spot are
working broken
ethernet cards rtk/xi bge/ex
ipf feature mask 0x10a 0xa
With ipf, "bad NAT", with pf, broken active ftp. In both cases a packet
is blocked going out of the internal interface..
Patrick