ftp on DMZ problems
I was having some problems with my FTP server (running OBSD) behind a
firewall (OBSD running pf), in that whenever I had my pf rules tightened
down, the ftp server would take a _really_ long time to bring up the
authentication window. A look at the pf logs reveals a reverse ip-name
lookup by the FTP server immediately after the connection is made.
When I use a pass in all/pass out all rule, it works just fine, but I
can't leave it like that. I had to edit resolv.conf to disable remote
lookups. Any ideas? I am using a pass out all keep state, so that
should allow the name lookup to get back in once the request was made
right?
--Bryan