Hi,
I have an FTP server inside a jail and when I use the following rules, I can access the FTP server and see all files
Code:
ExtIf = "bce0"
JailIf = "lo1"
ftp_ext= "91.203.xx.xxx"
ftp_int= "10.8.20.12"
# NAT Rules
nat on $ExtIf from $JailIf:network to any -> ($ExtIf)
nat on $ExtIf from { $ftp_int } to any -> $ftp_ext
# --- redirect ftp traffic to the internal ftp server ---#
rdr pass on $ExtIf inet proto tcp from any to $ftp_ext port 21 -> $ftp_int port 21
rdr pass on $ExtIf inet proto tcp from any to $ftp_ext port 49000:51000 -> $ftp_int
# --- pass outgoing ftp traffic ---
pass out quick log on $JailIf inet proto tcp from any to $ftp_int port 21 keep state tag FTP label "ftp"
pass out quick log on $JailIf inet proto tcp from any to $ftp_int port 49000:51000 keep state tag FTP_PASV label "ftp-passive"
but when I tried to have more defined control and separate the pass from the rdr line, I am no longer able to establish the connection. Here is my new converted code:
Code:
rdr on $ExtIf inet proto tcp from any to $ftp_ext port 21 -> $ftp_int port 21
rdr on $ExtIf inet proto tcp from any to $ftp_ext port 49000:51000 -> $ftp_int
pass in log on $ExtIf inet proto tcp from any to $FtpExt port 21
pass in log on $ExtIf inet proto tcp from any to $FtpExt port 49000:51000
pass out quick log on $JailIf inet proto tcp from any to $ftp_int port 21 keep state tag FTP label "ftp"
pass out quick log on $JailIf inet proto tcp from any to $ftp_int port 49000:51000 keep state tag FTP_PASV label "ftp-passive"
Could someone please tell me why the second method is not working?
Thank you
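For comparison, an added example that is not part of the original post: pf applies rdr before it evaluates filter rules, so once "pass" is removed from the rdr lines, the inbound rules on $ExtIf have to match the translated destination ($ftp_int) rather than the public address. The macro names come from the post (which defines ftp_ext but references $FtpExt in the new rules); the 203.0.113.10 address and the default block rule are assumptions.

```pf
# Added example, not the poster's ruleset.
ExtIf   = "bce0"
JailIf  = "lo1"
ftp_ext = "203.0.113.10"   # placeholder (documentation range) for the elided public address
ftp_int = "10.8.20.12"

# Translation only: without "pass", redirected packets must still be
# accepted by a filter rule further down.
rdr on $ExtIf inet proto tcp from any to $ftp_ext port 21 -> $ftp_int port 21
rdr on $ExtIf inet proto tcp from any to $ftp_ext port 49000:51000 -> $ftp_int

# Assumed default-deny policy on the external interface (not shown in the post).
block in log on $ExtIf

# Never matches a redirected packet: when the filter runs, the destination
# has already been rewritten from $ftp_ext to $ftp_int.
# pass in log on $ExtIf inet proto tcp from any to $ftp_ext port 21

# Matches the packet as the filter sees it, after rdr.
pass in log on $ExtIf inet proto tcp from any to $ftp_int port 21
pass in log on $ExtIf inet proto tcp from any to $ftp_int port 49000:51000

# Delivery to the jail on lo1, unchanged from the post.
pass out quick log on $JailIf inet proto tcp from any to $ftp_int port 21 keep state tag FTP label "ftp"
pass out quick log on $JailIf inet proto tcp from any to $ftp_int port 49000:51000 keep state tag FTP_PASV label "ftp-passive"
```

Loading the file with `pfctl -nf` parses it without applying it and reports undefined macros, and `pfctl -vvsr` shows per-rule match counters for checking which rule a connection actually hits.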