[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

problem with ftp-proxy

'lo all.

i recently ran into a small issue with ftp-proxy running on my
firewall...I definately know this is a misconfiguration problem
as I have had this working as of yesterday.  when I attempt to
connect to a FTP site from behind the firewall, I do get an
initial connection, but then am immediately dropped by the remote
host with the following error:
    421 Service not available, remote server has closed connection
and get the following error on the console of my firewall:
    Jul  6 08:55:56 smitty ftp-proxy[15298]: cannot find user proxy

running 'tcpdump -n -e -ttt -i pflogd' shows nothing getting blocked.
at first I thought it was not catching it because i had
    set loginterface sis0
but I soon changed it to
    set loginterface sis2
which is my $TRUST_IF (or internal) interface and still saw no
packets being dropped.

I'm running OpenBSD 3.6 on a Soekris NET4801, relevant files and
outputs are listed below (lines wrapped to be <80 columns)...

here is my relevant lines from my pf.conf:
    rdr on $TRUST_IF proto tcp from $TRUST_NET to any port 21 \
        -> port 8021
where $TRUST_IF and $TRUST_NET correspond to the NIC and mask
for my internal network.

here is my relevant lines from my inetd.conf:
-------------------------------------------- stream tcp nowait root \
        /usr/libexec/ftp-proxy ftp-proxy

here is the output of 'netstat -nl':
    Active Internet connections
    Proto Recv-Q Send-Q  Local Address  Foreign Address (state)
    tcp   0      0 *.*             LISTEN

my 'ps -ax' output:
        1 ??  Is      0:00.04 /sbin/init
    21764 ??  Is      0:02.51 /sbin/mount_mfs -s 16384 /dev/wd0b /tmp
    28062 ??  Is      0:00.08 /usr/sbin/inetd
    12175 ??  Is      0:00.11 syslogd: [priv] (syslogd)
    30702 ??  I       0:00.38 /usr/sbin/syslogd -p /var/run/log
    15472 00  Is      0:02.07 -ksh (ksh)
    19016 00  ?+      0:00.00 ps -ax

I'm at a loss at this point...any ideas anyone?


Visit your host, monkey.org