September 14th, 2003, 00:33
I'm trying to let all FTP transactions past pf, but I'm having much trouble. I set up pf to use ftp-proxy, and I'm still having errors. This is how I have it set.

PF entries:

rdr on $if2 proto tcp from any to any port 21 -> port 8021

pass in on $external inet proto tcp from any to $external port > 54999 keep state

and in inetd.conf, I have:

stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -n -m 55000

I can log into FTP servers easily with passive mode, but anything active will not pass. Here is the error I get:

Sep 13 13:02:49 dark6 ftp-proxy[30087]: xfer_data (server to client): failed (Connection reset by peer) with flags 00

If I switch to "passive off" while logged into an FTP, I don't have an issue, but if I do an FTP install from a BSD without passive mode, I cannot even log in.