Subject: Ftp proxy working with pf (was: pf doesn't start normally anymore)
To: Peter Postma <firstname.lastname@example.org>
From: Mipam <email@example.com>
Date: 08/11/2005 23:47:16
Somewhat off topic, but for those who would possibly find it interesting:
I use ftp-proxy to get ftp functionality for internal clients combined
Below are the pf rules to get it working:
# Redirect transparently all ftp connects to the outside world to the
# loopback interface on port 8021 where ftp-proxy is listening.
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
# Allow active ftp session to come back to ftp-proxy to make it work
# btw, I've not seen any ftp-proxy advisory so I'm not afraid the outside
# world can talk to ftp-proxy
pass in on $ext_if inet proto tcp from any \
to $ext_if port 55000 >< 57000 user proxy \
flags S/SA keep state
Then you'd need a line in /etc/inetd.conf to get it working:
127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -n -p -u proxy -m 55000 -M 57000 -t 180
Of course, provided you defined the user proxy and group proxy first.
Also enable pf in the kernel and create a node in /dev:
in /dev: sh ./MAKEDEV pf
will do the trick.
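
An added consistency check, not part of the original message: it reads the pass rule and the inetd.conf entry quoted above and compares the port window pf admits with ftp-proxy's -m/-M range, so the inbound hole is neither wider nor narrower than the proxy needs. pf.conf(5) defines `><` as a range excluding its boundaries and `:` as one including them; treating -m/-M as inclusive bounds is an assumption here, and the function names are hypothetical.

```python
import re
import shlex

# Constructed sample input: the two configuration lines from the message above.
PF_RULE = ("pass in on $ext_if inet proto tcp from any "
           "to $ext_if port 55000 >< 57000 user proxy flags S/SA keep state")
INETD_LINE = ("127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy "
              "ftp-proxy -n -p -u proxy -m 55000 -M 57000 -t 180")


def pf_port_window(rule):
    """Return the inclusive (low, high) ports matched by a pf 'port a OP b' clause.

    pf.conf(5): 'a:b' includes both boundaries, 'a >< b' excludes them.
    """
    m = re.search(r"\bport\s+(\d+)\s*(:|><)\s*(\d+)", rule)
    if not m:
        raise ValueError("no port range found in pf rule")
    low, op, high = int(m.group(1)), m.group(2), int(m.group(3))
    return (low, high) if op == ":" else (low + 1, high - 1)


def proxy_port_window(inetd_line):
    """Return (minport, maxport) from the -m and -M arguments of ftp-proxy."""
    args = shlex.split(inetd_line)
    following = dict(zip(args, args[1:]))  # each token -> the token after it
    return int(following["-m"]), int(following["-M"])


def compare(rule, inetd_line):
    """Return (proxy ports pf does not pass, pf-passed ports the proxy never uses).

    Assumption: ftp-proxy may bind any port from -m to -M, boundaries included.
    """
    pf_lo, pf_hi = pf_port_window(rule)
    px_lo, px_hi = proxy_port_window(inetd_line)
    pf_ports = set(range(pf_lo, pf_hi + 1))
    px_ports = set(range(px_lo, px_hi + 1))
    return sorted(px_ports - pf_ports), sorted(pf_ports - px_ports)


if __name__ == "__main__":
    blocked, unused = compare(PF_RULE, INETD_LINE)
    print("proxy ports not passed by pf:", blocked)
    print("pf-passed ports the proxy never uses:", unused)
```

Both lists come back empty when the same rule is written with `port 55000:57000`.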