On Mon, Apr 16, 2012 at 09:39:38AM +0200, Hasse Hansson wrote:
> To solve the ftp pre 4.7 part, you can start reading here
> http://home.nuug.no/~peter/pf/en/long-firewall.html#FTPPROBLEM
>
> /Hasse
> -----Original Message-----
> From: owner-freebsd-questions_at_freebsd.org
> [mailto:owner-freebsd-questions_at_freebsd.org] On behalf of Fbsd8
> Sent: 16 April 2012 04:31
> To: FreeBSD Questions; FreeBSD Current; FreeBSD doc
> Subject: Re: pf firewall and ftp
>
> Fbsd8 wrote:
> > Running 9.0 as a gateway host with pf firewall enabled.
> > FTP is launched by inetd.
> > Both active and passive ftp works from lan pc's to the host ftp.
> > The lan ftp session can be initiated from the host or any lan pc and
> > things work because there are no rules on the lan interface except
> > single pass all rule.
> >
> > But I can not do host initiated or lan initiated ftp sessions to the
> > public internet. Get "operation not permitted" message. Tried to setup
> > ftp-proxy per OpenBSD pf manual without any joy.
> >
> > Looking for working rule set with nat and ftp services to study and
> > learn from.
> >
>
> OK I have uncovered what the problem is.
> The pf version running on FreeBSD 9.0 matches the version running on OpenBSD
> 4.5. Found it on man pf at the end.
>
> The documentation on the OpenBSD website for pf is for OpenBSD 5.0 and it
> has warning saying "NOTE: This information is for OpenBSD 4.7. NAT
> configuration was significantly different in earlier versions."
> http://pf4freebsd.love2party.net/ has more info about how back dated the
> 9.0 FreeBSD production version of pf is.
>
> The FreeBSD handbook had a detailed section on pf including rules examples
> matching the version of pf included with 9.0 But someone allowed it to be
> removed in the current version of the handbook.
>
> So here we are with an outdated version of pf in the current production
> 9.0 version of FreeBSD and there is no documentation available on nat rule
> syntax in the handbook or at OpenBSD/pf.

The version of PF in FreeBSD corresponds to the one in OpenBSD 4.5. There
are old versions of the OpenBSD PF FAQ on mirrors:

http://ftp2.eu.openbsd.org/pub/OpenBSD/doc/history/pf-faq45.pdf
http://ftp2.eu.openbsd.org/pub/OpenBSD/doc/history/pf-faq45.txt

> Going to dig through the 9.0 pf man pages for the info

The rules should also be documented in the man pages.

--
Denny Lin

Received on Mon Apr 16 2012 - 11:21:40 UTC
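
A minimal gateway rule set in the pre-4.7 pf syntax this thread is about (separate nat/rdr rules plus the three ftp-proxy anchors), added here as an illustration and not taken from any of the posts. The interface names, the LAN prefix and ftp-proxy listening on 127.0.0.1 port 8021 are assumptions.

```pf
# /etc/pf.conf, pre-4.7 syntax (OpenBSD 4.5-era pf, as shipped in FreeBSD 9.0)
# Constructed example. Assumed: em0 = external, em1 = LAN,
# 192.168.1.0/24 = LAN prefix, ftp-proxy(8) on 127.0.0.1:8021.

ext_if  = "em0"
int_if  = "em1"
lan_net = "192.168.1.0/24"

set skip on lo0
scrub in all

# ---- translation section (has to precede the filter rules) ----
# ftp-proxy loads its per-session nat and rdr rules into these anchors.
# They are listed before the general nat rule so they are evaluated first.
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

# General outbound NAT for the LAN.
nat on $ext_if from $lan_net to any -> ($ext_if)

# Hand FTP control connections from LAN clients to the local proxy.
rdr pass on $int_if proto tcp from $lan_net to any port 21 \
    -> 127.0.0.1 port 8021

# ---- filter section ----
block in  log all
block out log all

# ftp-proxy loads pass rules for the negotiated data connections here.
anchor "ftp-proxy/*"

# LAN clients may reach the gateway and the outside.
pass in  on $int_if from $lan_net to any keep state
pass out on $int_if from any to $lan_net keep state

# Traffic leaving with the external address: NATed LAN traffic, the
# proxy's own control connections, and sessions started on the gateway.
pass out on $ext_if proto { tcp, udp, icmp } from ($ext_if) to any keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it; on FreeBSD the proxy itself is started with `ftpproxy_enable="YES"` in /etc/rc.conf.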