[FUG-BR] difficulties with ftp + pf + nat
Wildes Miranda
gowmo at yahoo.com.br
Thu Jan 25 21:04:50 BRST 2007
Greetings,
Folks, I need some help! I am having problems
with FTP and NAT. The configuration I have and the tests I ran are
based on the list archives and other posts. My configuration is
apparently different, because I noticed that people only proxied
outbound connections; I want to proxy inbound ones. If that is not
necessary, I would like to be pointed to another solution.
I am using FreeBSD-5.5-STABLE and
my goal is to configure the following scenario:
CLIENTE FTP (internet) <-> fw (PF) <-> ftp (vsftpd)
#vsftpd.conf
listen=YES
background=YES
anonymous_enable=yes
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
ftpd_banner="Itecgyn Informatica ME. Bem vindo !"
pam_service_name=vsftpd
chroot_local_user=yes
secure_chroot_dir=/usr/local/share/vsftpd/empty
pasv_min_port=50000
pasv_max_port=50010
#pf.conf
ext_if="tun0"
int_if="xl0"
ftp_server="192.168.0.253"
nat-anchor "pftpx/*"
rdr-anchor "pftpx/*"
nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr on $ext_if proto tcp from any to $ext_if port 21 -> localhost port 8021
anchor "pftpx/*"
pass out all keep state
pass in all keep state
#man pftpx
-f address
        Fixed server address. The proxy will always connect to the same
        server, regardless of where the client wanted to connect to
        (before it was redirected). Use this option to proxy for a
        server behind NAT, or to forward all connections to another
        proxy.
-p address
        Proxy source address. The proxy will use this as the source
        address to connect to servers.
#rc.conf
pftpx_enable="YES"
pftpx_flags="-f 192.168.0.253 -p 192.168.0.254"
# ps -A | grep pftpx
1040 ?? Ss 0:00.21 /usr/local/sbin/pftpx -f 192.168.0.253 -p 192.168.0.254
# when I try to connect "from anywhere"
sarge~# ftp localhost 8021
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
220 "Itecgyn Informatica ME. Bem vindo !"
Name (localhost:root): gowmo
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
421 Service not available, remote server has closed connection.
#pftpx log
Jan 25 20:42:19 sarge pftpx[1040]: #14 pf operation failed: Invalid argument
Jan 25 20:42:19 sarge pftpx[1040]: #14 pf rule removal failed: Invalid argument
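
Background on why a proxy sits in front of an FTP server behind NAT, as an added example that is not part of the original post and is not pftpx code: in passive mode the server's 227 reply carries its own address and data port, so the reply has to be rewritten before an outside client can use it. The public address 203.0.113.10 and all function names are assumptions; keeping the same port number after the rewrite is a simplification.

```python
import ipaddress
import re

# Server address and passive range come from the post's pf.conf and
# vsftpd.conf. PUBLIC_ADDR is a constructed documentation address (assumption).
FTP_SERVER = "192.168.0.253"
PASV_RANGE = range(50000, 50011)          # pasv_min_port..pasv_max_port
PUBLIC_ADDR = "203.0.113.10"

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
_PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),"
                      r"(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def is_rfc1918(ip):
    """True when the address is private and unreachable from the internet."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_pasv(reply):
    """Return (ip, port) from a '227 ... (h1,h2,h3,h4,p1,p2)' reply."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def format_pasv(ip, port):
    """Build a 227 reply advertising ip:port."""
    fields = ip.split(".") + [str(port // 256), str(port % 256)]
    return "227 Entering Passive Mode (%s)." % ",".join(fields)


def rewrite_for_client(reply, public_addr=PUBLIC_ADDR,
                       server=FTP_SERVER, allowed=PASV_RANGE):
    """Rewrite the server's reply for an outside client.

    Returns (rewritten_reply, (server_ip, server_port)); the second item is
    the inside endpoint that the data connection must be redirected to.
    """
    ip, port = parse_pasv(reply)
    if ip != server:
        # A reply naming a third host would point the client elsewhere.
        raise ValueError("reply names %s, expected %s" % (ip, server))
    if port not in allowed:
        raise ValueError("port %d outside configured passive range" % port)
    return format_pasv(public_addr, port), (ip, port)
```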