On Thu, Mar 06, 2008 at 03:57:39PM +0200, Andrey A.
Belashkov wrote:
> Hello.
> I need setup non standart nat rules by pf for ftp.
> All outgoing ftp connections must nat behind
172.16.5.10 address
> assigned by mpd to ng0.
>
> I setup mpd, interface is up and if i use as source
address 172.16.5.10
> for ftp all is fine. But ftp function in php cant
choose source address,
> so i need use nat.
>
> When i setup pf with rules:
> set optimization normal
> set block-policy return
> scrub in all
> nat on em0 from any to any port { 20 21 } ->
172.16.5.10
> nat-anchor "ftp-proxy/*"
> rdr-anchor "ftp-proxy/*"
> rdr on ng0 proto tcp from any to any port 21 ->
127.0.0.1 port 8021
> anchor "ftp-proxy/*"
> pass out quick on em0 route-to { (ng0 172.16.5.1) }
from 172.16.5.10 to any keep state
> pass in all
> pass out all
>
> and start ftp-proxy with keys "-a 172.16.5.10 -r
-vv -m 500" and try to
> connect any ftp server - server respond and show me his
login prompt.
> But when i try list files on ftp, client cant setup
data connection.
> In passive and in active modes.
>
> How i can fix this problem?
Your pf rules for FTP are wrong. Please see this thread:
http://lists.freebsd.org/pipermail/freebsd-p
f/2008-March/004148.html
--
| Jeremy Chadwick jdc at
parodius.com |
| Parodius Networking http://www.parodius.com/
|
| UNIX Systems Administrator Mountain
View, CA, USA |
| Making life hard for others since 1977.
PGP: 4BD6C0CB |
_______________________________________________
freebsd-pf freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
|
