ftp-proxy ... no luck...
From: No Spam (no_spam_at_post_to_newsgroup.plz)
Date: 09/20/04
Date: Mon, 20 Sep 2004 20:47:01 +0200
Hi,
I've been trying for 2 days to set up ftp-proxy for my home network;
unfortunately, I did not succeed. I really don't know what I should try now.
Please keep in mind that I would like to preserve a default deny rule on
all interfaces!
"block log-all all" (I want to keep this rule)
I'm using OpenBSD 3.6 beta.
The crazy thing here is that I can't see any blocked traffic, it might
be a nat or rdr problem or whatever... I'm really lost...
Here is the proxy entry from inetd.conf:
127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -u proxy -m 55000 -M 57000 -t 180
Here is the last pf.conf I tried:
### VARIABLE ###
Int = "sis0"
Ext = "sis2"
Router = "172.16.43.2"
IntNet = "172.16.43.0/24"
Loop = "lo0"
Udp_ports ="{ 53, 500, 2746 }"
Tcp_ports ="{ 22, 80, 119, 443, 500 }"
IcmpTypes ="echoreq"
#10## OPTIONS ###
#set loginterface $Ext
set block-policy return
# Fragment
scrub on $Ext all fragment reassemble random-id
# Enable NAT
nat on $Ext from $IntNet to any -> ($Ext)
rdr on $Int proto tcp from $IntNet to any port 21 -> 127.0.0.1 port 8021
# default rules
pass quick on lo0 all
block quick inet6 all
block log-all all
# INTERNAL INTERFACE SIS0
pass in on $Int inet proto tcp from $IntNet to lo0 port 8021 modulate state
pass in on $Int inet proto tcp from $IntNet to any port $Tcp_ports tag INTERNAL modulate state
pass in on $Int inet proto udp from $IntNet to any port $Udp_ports tag INTERNAL keep state
pass in on $Int inet proto icmp all icmp-type $IcmpTypes tag INTERNAL keep state
pass out on $Int inet proto tcp from any port 21 to $IntNet
# external interface SIS2
pass out on $Ext inet proto udp from $Ext to any port { 53, 123 } keep state
pass out on $Ext inet proto tcp to any tagged INTERNAL modulate state
pass out on $Ext inet proto { udp, icmp } to any tagged INTERNAL keep state
pass out on $Ext inet proto tcp from $Ext port 55000 >< 57000 to any port 21 modulate state