I cannot get ftp-proxy to work on FreeBSD 13.0; after the upgrade from 12.2 it breaks.
The setup is a PF firewall doing NAT and with an ftp-proxy enabled, between an internal network and the company intranet.
An FTP client (10.223.120.110) on the internal network is trying to reach an FTP server (131.97.51.225) on the intranet.
I upgraded some machines but all FTP fails after that.
The outgoing session will not start, it just sits there.
The
tcpdump -netttti pflog0
does not show any denies.
I have reduced a working /etc/pf.conf on 12.2 and it looks like this:
Code:
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
nat pass on em1 from em0:network to any -> (em1)
rdr inet proto tcp from em0:network to any port 21 -> 127.0.0.1 port 8021
block quick inet6 all
block return in log all
anchor "ftp-proxy/*"
pass proto tcp from em0:network to 127.0.0.1 port 8021
pass proto tcp from (em1) to any port 21
It is started in /etc/rc.conf.
Code:
# PF Firewall
pf_enable="YES"
pflog_enable="YES"
gateway_enable="YES"
ftpproxy_enable="YES"
On the 12.2-RELEASE-p6
pftop -f "net 127.0.0.0/8 or host 131.97.51.225 or port 8021 or port 21 or host 10.223.120.110"
gives:
Code:
pfTop: Up State 1-2/2 (2), View: default, Order: none, Cache: 10000 13:03:18
PR DIR SRC DEST STATE AGE EXP PKTS BYTES
tcp Out 10.221.31.194:32825 131.97.51.225:21 ESTABLISHED:ESTABLISHED 00:00:22 23:59:46 17 1583
tcp In 10.223.120.110:43840 127.0.0.1:8021 ESTABLISHED:ESTABLISHED 00:00:22 23:59:46 17 1583
But after upgrading it to 13.0-RELEASE the same
pftop
gives the output below; the same configuration is kept.
Code:
tcp In 10.223.120.110:37112 127.0.0.1:8021 ESTABLISHED:ESTABLISHED 00:00:01 23:59:59 3 172
I added
pass all
as the last row in /etc/pf.conf in my desperation; same result, however.
I searched for similar problems without success. If it is not the rules it must be a redirect, or what am I missing?
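
The two pftop listings above differ in one way: on 12.2 the inbound state to 127.0.0.1:8021 has a matching outbound state to port 21, on 13.0 it does not. The following is an added example, not part of the original post, that classifies saved pftop state lines on that basis. The function name, the verdict strings and the third sample are constructed for illustration; states are counted rather than paired because the outbound state is sourced from the firewall's address, not the client's.

```sh
#!/bin/sh
# Added example: classify ftp-proxy control-channel states from pftop output.

# State lines copied from the post (12.2 working, 13.0 failing).
SAMPLE_12_2='tcp Out 10.221.31.194:32825 131.97.51.225:21 ESTABLISHED:ESTABLISHED 00:00:22 23:59:46 17 1583
tcp In 10.223.120.110:43840 127.0.0.1:8021 ESTABLISHED:ESTABLISHED 00:00:22 23:59:46 17 1583'
SAMPLE_13_0='tcp In 10.223.120.110:37112 127.0.0.1:8021 ESTABLISHED:ESTABLISHED 00:00:01 23:59:59 3 172'
# Constructed sample (not from the post): the proxy dials out but gets no reply.
SAMPLE_STALLED='tcp Out 10.221.31.194:40000 131.97.51.225:21 SYN_SENT:CLOSED 00:00:05 00:00:25 2 120
tcp In 10.223.120.110:40001 127.0.0.1:8021 ESTABLISHED:ESTABLISHED 00:00:05 23:59:55 3 172'

# check_proxy_states PROXY_ADDR:PORT   (pftop state lines on stdin)
# Prints "in=N out=M est=K verdict" where
#   in  = client states redirected to the proxy listener
#   out = outbound states to a server on port 21
#   est = outbound states that completed the TCP handshake
check_proxy_states() {
    awk -v proxy="$1" '
        $1 == "tcp" && $2 == "In" && $4 == proxy { in_n++ }
        $1 == "tcp" && $2 == "Out" && $4 ~ /:21$/ {
            out_n++
            if ($5 == "ESTABLISHED:ESTABLISHED") est_n++
        }
        END {
            if (in_n + 0 == 0)
                verdict = "no-client-sessions"    # rdr rule is not matching
            else if (out_n + 0 == 0)
                verdict = "no-outbound-attempt"   # proxy never opened a server state
            else if (est_n + 0 < in_n)
                verdict = "outbound-stalled"      # dialed out, handshake incomplete
            else
                verdict = "ok"
            printf "in=%d out=%d est=%d %s\n", in_n, out_n, est_n, verdict
        }'
}

# Stand-alone run over the embedded samples.
for sample in "$SAMPLE_12_2" "$SAMPLE_13_0" "$SAMPLE_STALLED"; do
    printf '%s\n' "$sample" | check_proxy_states 127.0.0.1:8021
done
```

A "no-outbound-attempt" verdict points at the proxy process or its lookup of the redirected connection rather than at a filter rule on the outbound interface, which is consistent with pflog0 showing no denies.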