pf ftp issue on FreeBSD

Since pf.conf is configured somewhat differently on OpenBSD and FreeBSD,
I am writing down here the settings for running an ftp server behind a pf firewall, while still letting internal clients ftp out to external ftp servers.

#vi /etc/inetd.conf : add the following line, the same as for the usual ftp client setup

ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy

#vi /etc/pf.conf

——————————————————————————
# Macros: define common values, so they can be referenced and changed easily.
ext_if="tun0" # replace with actual external interface name i.e., dc0
int_if="em0" # replace with actual internal interface name i.e., dc1
ftpsrv_ip="192.168.2.210"
internal_net="192.168.2.0/24"

# rdr outgoing FTP requests to the ftp-proxy
rdr-anchor "ftp-proxy/*"
rdr pass on $int_if proto tcp from $internal_net to any port ftp -> 127.0.0.1 port 8021
rdr pass on $ext_if proto tcp from any to $ext_if port 20:21 -> $ftpsrv_ip port 20:21

# pass incoming ports for ftp-proxy
pass in on $ext_if proto tcp from any to any port > 49151 keep state
pass out on $ext_if proto tcp from any to any port > 49151 keep state
pass in on $ext_if proto tcp from any to any port 20:21 keep state
pass out on $ext_if proto tcp from any to any port 20:21 keep state
pass in on $int_if proto tcp from any to any port 20:21 keep state
pass out on $int_if proto tcp from any to any port 20:21 keep state
pass in on $int_if proto tcp from any to any port > 49151 keep state
pass out on $int_if proto tcp from any to any port > 49151 keep state
anchor "ftp-proxy/*"
——————————————————————————

#pfctl -f /etc/pf.conf
At this point other users can connect from outside to this ftp server behind the pf firewall, and clients on the internal network can also use the ftp client normally...
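The pass rules above are written as "from any to any"; on the external interface that admits inbound connections to any address, not only to the ftp server, and since pf matches pass rules after rdr translation, the tighter form is "to $ftpsrv_ip". The following linter, an added example and not part of this post, parses a constructed copy of the ruleset, expands the macros itself, and reports the inbound rules on ext_if that are not pinned to the server, along with a pinned rewrite of each:

```python
import re

# Constructed copy of the pass rules from this page; macro values are substituted
# by this script the way pfctl does at load time.
MACROS = {"ext_if": "tun0", "int_if": "em0",
          "ftpsrv_ip": "192.168.2.210", "internal_net": "192.168.2.0/24"}

PF_CONF = """
pass in on $ext_if proto tcp from any to any port > 49151 keep state
pass out on $ext_if proto tcp from any to any port > 49151 keep state
pass in on $ext_if proto tcp from any to any port 20:21 keep state
pass out on $ext_if proto tcp from any to any port 20:21 keep state
pass in on $int_if proto tcp from any to any port 20:21 keep state
pass out on $int_if proto tcp from any to any port 20:21 keep state
pass in on $int_if proto tcp from any to any port > 49151 keep state
pass out on $int_if proto tcp from any to any port > 49151 keep state
"""

PASS_RE = re.compile(
    r"^pass\s+(?P<dir>in|out)\s+on\s+(?P<iface>\S+)\s+proto\s+tcp"
    r"\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"\s+port\s+(?P<port>>\s*\d+|\d+(?::\d+)?)"
)


def expand_macros(conf, macros):
    """Replace $name references with their macro values."""
    return re.sub(r"\$(\w+)", lambda m: macros[m.group(1)], conf)


def parse_pass_rules(conf, macros):
    """Return the TCP pass rules as dicts (dir, iface, src, dst, port)."""
    rules = []
    for line in expand_macros(conf, macros).splitlines():
        m = PASS_RE.match(line.strip())
        if m:
            rule = m.groupdict()
            rule["port"] = re.sub(r"\s+", " ", rule["port"])  # "> 49151" / "20:21"
            rules.append(rule)
    return rules


def unpinned_inbound(rules, ext_if, ftpsrv_ip):
    """Inbound rules on the external interface whose destination is not the ftp server."""
    return [r for r in rules
            if r["dir"] == "in" and r["iface"] == ext_if and r["dst"] != ftpsrv_ip]


def pin_to_server(rule, ftpsrv_ip):
    """Rewrite a rule so it only admits traffic whose (post-rdr) destination is the server."""
    return (f"pass {rule['dir']} on {rule['iface']} proto tcp from {rule['src']} "
            f"to {ftpsrv_ip} port {rule['port']} keep state")
```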
