Re: PF, FTP problems fixed

From: Marcos Biscaysaqu - ThePacific.net <marcos_at_ThePacific.Net>
Date: Thu, 25 Nov 2004 10:31:24 +0000
If somebody can port this to FreeBSD it will be great, and it will make PF so far the best firewall.
--------------------------------------------------------------------------------------------------------------------------------------------------------

The two most important parts are:
- recursive anchors (appeared in OpenBSD 3.6).  Maybe Max knows when those 
went into FreeBSD?

- libevent > 0.8 (from ports/devel/libevent)

Anything else that crops up should be easily fixable.

Max Laier wrote:

>[Please fix your systemtime or timezone]
>
>On Thursday 25 November 2004 09:28, Marcos Biscaysaqu - ThePacific.net wrote:
>
>>Hi there.
>>somebody know how to make this work on freebsd???
>>---------------------------------------------------------------------------
>>
>>Ok, bleeding edge pf people...  I wrote a new FTP proxy called "pftpx" and
>>I'd like to solicit some feedback from the community...
>>
>>Why should you try it?  What advantages does pftpx offer?
>>1) it handles all ftp modes: PORT, PASV, EPRT, EPSV
>>2) it handles ipv6
>>3) it should scale: one process handles all sessions using libevent
>>4) it works with "strict" ftp clients (clients that want data connections
>>   to the same IP as the control connection)
>>
>>
>>Quick guide:
>>- you need libevent-0.8 (OpenBSD 3.6 has it)
>
>Libevent is in ports (devel/libevent - version 0.9).
>
>>- download http://www.sentia.org/downloads/pftpx-0.3.tar.gz
>>- untar, make
>>- add this to pf.conf in the nat section:
>>
>>nat-anchor "pftpx/*"
>>rdr-anchor "pftpx/*"
>
>That looks not so good. ".../*" anchors are a 3.6 thing, while FreeBSD is 
>on par with 3.5. From a first look and common sense, I don't think it's a 
>requirement, but you might have to change some code to make it work.
>
>>rdr pass on $if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
>>
>>- add this to pf.conf in the rule section:
>>
>>anchor "pftpx/*"
>
>Same here.
>
>>- run the proxy in debug mode: sudo pftpx -d -D7
>>- ready to go...
>>
>>Sorry, no manpage yet, this is bleeding edge after all.  Don't run this in
>>production if your job depends on it.   :-)
>>
>>All feedback welcome, also if you want to suggest a better name.   :-)
>
>I'd be more than happy to see this ported, looks useful!
>
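As an added example that is not part of the thread (and not pftpx's own configuration), here is a minimal pf.conf that places the four lines from the quick guide inside a block-by-default ruleset, so the proxy's anchors and the rdr to 127.0.0.1:8021 sit where pf will actually evaluate them. Interface names and the LAN layout are assumed, and it uses the 3.6-style "pftpx/*" anchor syntax that Max notes was not yet in FreeBSD at the time.

```pf
# Added example, not from the pftpx post. Assumed: fxp0 faces the Internet,
# fxp1 faces the LAN, pftpx listens on 127.0.0.1:8021, and the ruleset
# supports OpenBSD 3.6-style recursive ("name/*") anchors.
ext_if = "fxp0"
int_if = "fxp1"

# --- translation section (nat/rdr are evaluated before the filter rules) ---
# Outbound masquerading for the LAN.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# pftpx inserts per-session nat/rdr rules for FTP data connections into
# these anchors at runtime; the anchors must exist for that to work.
nat-anchor "pftpx/*"
rdr-anchor "pftpx/*"

# Transparently hand LAN FTP control connections to the proxy. The "pass"
# in "rdr pass" lets the redirected packets through without consulting the
# filter rules, so no separate "pass in ... to 127.0.0.1 port 8021" is needed.
rdr pass on $int_if proto tcp from $int_if:network to any port 21 \
    -> 127.0.0.1 port 8021

# --- filter section ---
block all
pass quick on lo0

# Ordinary LAN egress; the proxy's own control connection to the real FTP
# server (a new outbound TCP session from the firewall) is covered by the
# "pass out" rule. Nothing here opens FTP data ports by hand.
pass in on $int_if from $int_if:network to any keep state
pass out on $ext_if all keep state

# Filter anchor for the pass rules pftpx adds for each data connection.
# pf takes the LAST matching rule unless "quick" is used, so the anchor is
# placed below the static rules: a block rule written after it would
# silently override the proxy's dynamic pass rules.
anchor "pftpx/*"
```

Reload with pfctl -f /etc/pf.conf and confirm the anchors exist with pfctl -sr and pfctl -sn before starting the proxy; rules the proxy inserts only take effect if the anchors are present in the loaded ruleset.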
Received on Wed Nov 24 2004 - 20:39:34 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:23 UTC