pf ftp-proxy FAQ suggestion: passing packets on 8081
I just got through getting a small internal firewall set up with pf, and
I must confess I had a small dickens translating my ipf experience to
ftp-proxy for pf. At first outbound active ftp just was not working at
all, and I could tell ftp-proxy just wasn't "firing". I knew I was
booby-trapping myself with something simple and "obvious", and yup, that
turned out to be the case. It turns out I have a default drop on the
interface for the rdr used by ftp-proxy -- I was dropping the very
packets I needed on port 8081 to get ftp-proxy to work!
At the risk of stating the obvious -- but then that's what FAQs are for,
yes? [stating the obvious so folks won't have to ask here ... :-)] would
it not be helpful to add something in the FAQ to the section "Issues
with FTP and NAT" to make sure that pf.conf allows packets to pass from
the internal network to 127.0.0.1 on port 8081? If you have a drop rule
that would not allow these packets to pass, inetd will never see a
connection attempt on 8081 and ftp-proxy will never get executed.
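
The situation described in the post, as an added pf.conf fragment that is not part of the original message. It uses the older pf syntax with separate rdr rules, matching the inetd-started ftp-proxy the post refers to; the interface name, network and macro names are assumptions.

```pf
# Constructed example. Interface name, network and macro names are assumptions.
int_if  = "fxp0"
int_net = "192.168.1.0/24"

# Translation: outbound FTP control connections from the inside are
# redirected to ftp-proxy, which inetd starts on 127.0.0.1:8081.
rdr on $int_if proto tcp from $int_net to any port 21 -> 127.0.0.1 port 8081

# Filtering: default drop on the internal interface. Redirection is applied
# before the filter rules are evaluated, so with only this rule the
# redirected packets (now addressed to 127.0.0.1:8081) are dropped and
# inetd never sees the connection.
block in on $int_if all

# The rule the post asks for: let the redirected connections reach the proxy.
# pf uses the last matching rule, so this overrides the block above.
pass in on $int_if inet proto tcp from $int_net to 127.0.0.1 port 8081 flags S/SA keep state
```

Running pfctl -nf /etc/pf.conf parses the file without loading it; pfctl -sn and pfctl -sr then show the loaded translation and filter rules separately.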