Kernel_Killer
September 14th, 2003, 00:33
I'm trying to let all FTP transactions past pf, but I'm having much trouble. I set up pf to use ftp-proxy, and I'm still having errors. This is how I have it set.

PF entries:

rdr on $if2 proto tcp from any to any port 21 -> 127.0.0.1 port 8021

pass in on $external inet proto tcp from any to $external port > 54999 keep state

and in inetd.conf, I have:

127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -n -m 55000

I can log into FTP servers easily with passive mode, but anything active will not pass. Here is the error I get:

Sep 13 13:02:49 dark6 ftp-proxy[30087]: xfer_data (server to client): failed (Connection reset by peer) with flags 00

If I switch to "passive off" while logged into an FTP server, I don't have an issue, but if I do an FTP install from a BSD without passive mode, I cannot even log in.
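As an added example (not the poster's configuration), here is the fuller pf.conf rule set the ftp-proxy arrangement above needs under a block-all policy, with the flow each FTP mode uses called out per rule; $if2, $external and the 55000 port floor come from the post, while the interface and network names are assumed.

```conf
# Added example, not the poster's pf.conf. Interface and network names are
# assumed; "$if2", "$external" and the 55000 port floor come from the post.
external = "ne3"            # outside interface (assumed)
if2      = "ne4"            # LAN interface (assumed)
lan      = "192.168.1.0/24" # LAN clients allowed to use FTP (assumed)

# Default deny: every flow below has to be passed explicitly.
block all

# 1. Control channel, LAN -> proxy. Clients talk to port 21 on the real
#    server; pf rewrites the destination to the ftp-proxy that inetd runs
#    on 127.0.0.1:8021. Filter rules see the translated packet, so the
#    pass rule must name 127.0.0.1 port 8021, not the original port 21.
rdr on $if2 proto tcp from $lan to any port 21 -> 127.0.0.1 port 8021
pass in on $if2 proto tcp from $lan to 127.0.0.1 port 8021 keep state

# 2. Control channel, proxy -> server. ftp-proxy opens its own connection
#    from the firewall to the real server's port 21.
pass out on $external proto tcp from $external to any port 21 keep state

# 3. Passive mode. The server answers PASV with an ephemeral port and the
#    proxy connects out to it, so only outbound state is needed here.
pass out on $external proto tcp from $external to any port > 1023 keep state

# 4. Active mode. ftp-proxy rewrites the client's PORT command so that the
#    server connects back to the firewall, on a port at or above the
#    "-m 55000" floor set in inetd.conf. Limiting the rule to that range
#    keeps the remaining high ports closed. Most servers source active
#    data connections from port 20; drop "port 20" if one does not.
pass in on $external inet proto tcp from any port 20 to $external \
        port > 54999 flags S/SA keep state

# 5. Data legs on the LAN side. Which end initiates depends on the mode,
#    but the client's data port is ephemeral (> 1023) in both, so under
#    block-all both directions on $if2 have to be passed for FTP clients.
pass in  on $if2 proto tcp from $lan to any port > 1023 keep state
pass out on $if2 proto tcp from any to $lan port > 1023 keep state
```

Load it with `pfctl -f /etc/pf.conf` and watch the control and data flows with `pfctl -s state` while a client runs one active and one passive transfer, so each rule above can be matched to a live state entry.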