Firewalling with OpenBSD's PF packet filter: EuroBSDCon 2007, København, September 12th 2007
ftp over nat: ftp-proxy (OpenBSD 3.8 and earlier equivalents)
/etc/inetd.conf
127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -n
- restart inetd
FreeBSD+NetBSD$ sudo /etc/rc.d/inetd restart
OpenBSD$ sudo kill -HUP `cat /var/run/inetd.pid`
/etc/pf.conf
rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021
# [...]
pass in on $ext_if inet proto tcp from port ftp-data to ($ext_if) \
    user proxy flags S/SA keep state
- load your new rules
$ sudo pfctl -f /etc/pf.conf
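The two files above have to agree with each other, so here is an added example (not part of the original slides) that checks the inetd listener is on loopback, that the rdr rule points at that same listener, and that the ftp-data pass rule keeps its `user proxy` qualifier. The function names and the sample-file helper are hypothetical; the file paths are passed as arguments.

```sh
#!/bin/sh
# Added example (not from the slides): cross-check the two files edited above.

# Listen address:port of the ftp-proxy entry in an inetd.conf
proxy_listen() {
    awk '!/^[ \t]*#/ && $6 ~ /ftp-proxy$/ { print $1; exit }' "$1"
}

# "addr:port" that the ftp rdr rule in a pf.conf redirects to
rdr_target() {
    awk '!/^[ \t]*#/ && $1 == "rdr" && /port ftp / {
        for (i = 1; i <= NF; i++)
            if ($i == "->") { print $(i+1) ":" $(i+3); exit }
    }' "$1"
}

# Succeeds only if the proxy listens on loopback, the rdr rule points at that
# same listener, and the ftp-data pass rule is limited to "user proxy".
check_ftp_proxy() {
    listen=$(proxy_listen "$1")
    target=$(rdr_target "$2")
    case $listen in
        127.0.0.1:*) ;;
        *) echo "ftp-proxy not bound to loopback: '$listen'" >&2; return 1 ;;
    esac
    if [ "$listen" != "$target" ]; then
        echo "rdr target '$target' does not match listener '$listen'" >&2
        return 1
    fi
    # Join backslash-continued lines before matching the pass rule.
    awk '{ if (sub(/\\$/, "")) { buf = buf $0 " "; next }
           print buf $0; buf = "" }' "$2" |
        grep -Eq '^pass in .*from port ftp-data .*user proxy' || {
            echo "ftp-data pass rule missing or not limited to user proxy" >&2
            return 1
        }
}

# Constructed sample files holding the lines from this slide.
write_samples() {
    printf '%s\n' '127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -n' > "$1/inetd.conf"
    printf '%s\n' 'rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021' \
        'pass in on $ext_if inet proto tcp from port ftp-data to ($ext_if) \' \
        '    user proxy flags S/SA keep state' > "$1/pf.conf"
}
```

Call `check_ftp_proxy /etc/inetd.conf /etc/pf.conf` before reloading; `pfctl -nf /etc/pf.conf` additionally parses the ruleset without loading it.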