Re: Trouble getting FTP through NAT
- To: "Chris Zakelj" <c.zakelj@ieee.org>, <misc@openbsd.org>
- Subject: Re: Trouble getting FTP through NAT
- From: "Jason Haag" <jason@macrosys.com>
- Date: Mon, 23 Feb 2004 09:54:56 -0500
- Thread-Topic: Trouble getting FTP through NAT
[...]
> # Filtering rules
> # Drop anything that doesn't get passed later on
> block drop all
>
> # All locally generated traffic must pass
> pass quick on lo0 all
>
> # Clean the internet of invalid src/dest packets
> block drop in quick on $ext_if from $priv_nets to any
> block drop out quick on $ext_if from any to $priv_nets
>
> # Pass FTP/SSH/IDENT traffic in
> pass in on $ext_if proto tcp from any to $ext_if port $tcp_services flags S/SA keep state
>
> # Pass valid internet traffic
> pass in on $int_if from $int_if:network to any keep state
> pass out on $int_if from any to $int_if:network keep state
> pass out on $ext_if proto tcp all modulate state flags S/SA
> pass out on $ext_if proto { udp, icmp } all keep state
[...]
Looks like you forgot to let the ftp-proxy replies back in... Look at the
man pages for ftp-proxy and the example in the default pf.conf.
HTH,
-Jason
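The rule the reply points to, shown as an added example that is not part of either message: the filter section from the post with the pass rule for ftp-proxy's data connections added. It assumes the inetd-driven ftp-proxy(8) of that era, redirected to 127.0.0.1 port 8021 in the NAT section the post elides, and the exact form of the "user proxy" rule is taken from memory of that era's default pf.conf, so confirm it against ftp-proxy(8) on your release.

```pf
# NAT section (assumed; elided in the post): hand FTP control connections
# from the LAN to the inetd-driven ftp-proxy listening on 127.0.0.1:8021
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

# Filtering rules
block drop all
pass quick on lo0 all
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets

# Pass FTP/SSH/IDENT traffic in (control connections only)
pass in on $ext_if proto tcp from any to $ext_if port $tcp_services flags S/SA keep state

# ftp-proxy drops privileges to user "proxy" and listens on a high port for
# the data connection the remote server opens back to the firewall (from
# port 20 in active mode). The rule above only covers $tcp_services, so
# without this line those data connections fall through to "block drop all"
# and transfers hang right after the login succeeds.
pass in on $ext_if inet proto tcp from port 20 to ($ext_if) user proxy flags S/SA keep state

# Pass valid internet traffic
pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
```

Load the ruleset with `pfctl -nf /etc/pf.conf` first to syntax-check it, then `pfctl -f /etc/pf.conf`; a failing transfer after login with a working directory listing is the usual symptom of the missing rule.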