Insecure's ftp-proxy FAQ

A few things we've learned about ftp-proxy that aren't on the main ftp-proxy FAQ

Q: I set up ftp-proxy just like it says on that web page and it doesn't work.

A: First of all, that's not a question. Second, here are some things you should check:

  1. If you're using "set skip on $int_if" or something similar, you have to cut it out. 'set skip' doesn't work when you're trying to run ftp-proxy, because pf does no processing at all on a skipped interface, and that includes your rdr rule. Replace it with "pass in on $int_if all" and "pass out on $int_if all" to get the same effect.
  2. If you're using a vlan-tagged firewall, your rdr rule needs to apply to the vlan interface you want to enable ftp-proxy on, not simply the internal interface.

Instead of this:

rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

You need this:

rdr on $my_vlan0 proto tcp from any to any port 21 -> 127.0.0.1 port 8021

You need one rule for each vlan you'd like ftp-proxy to work on. (You can try curly braces { $my_vlan0 $my_vlan1 } and report back the results if you'd like.)
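
Both checks above can be run mechanically against a ruleset. The following is an added example, not part of the original FAQ or of OpenBSD: a small Python lint for the rdr syntax shown on this page. The sample ruleset, the interface names and the function name lint_ftp_proxy are constructed for illustration, and "vlan interface" is assumed to mean any name of the form vlanN that appears in a rule.

```python
import re

# Constructed sample ruleset using the page's rdr syntax; interface names are made up.
SAMPLE = '''\
int_if = "em1"
my_vlan0 = "vlan10"
my_vlan1 = "vlan20"
set skip on { lo0 $int_if }
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr on $my_vlan0 proto tcp from any to any port 21 -> 127.0.0.1 port 8021
pass in on $my_vlan1 all
'''

MACRO = re.compile(r'^(\w+)\s*=\s*"([^"]*)"$')
SKIP = re.compile(r'^set\s+skip\s+on\s+(.+)$')
RDR = re.compile(r'^rdr\s+(?:pass\s+)?on\s+(\{[^}]*\}|\S+)\s.*->\s*\S+\s+port\s+(\d+)')

def expand(text, macros):
    """Substitute $macros, then flatten a { a b } or { a, b } list to names."""
    text = re.sub(r'\$(\w+)', lambda m: macros.get(m.group(1), m.group(0)), text)
    return re.sub(r'[{},]', ' ', text).split()

def lint_ftp_proxy(conf, proxy_port=8021):
    """Return sorted (problem, interface) pairs for the two FAQ pitfalls."""
    macros, skipped, proxied, vlans = {}, set(), set(), set()
    for raw in conf.splitlines():
        line = raw.split('#', 1)[0].strip()
        if m := MACRO.match(line):
            macros[m.group(1)] = m.group(2)
            continue
        # Remember every vlanN interface that any rule refers to.
        names = expand(line, macros)
        vlans.update(n for n in names if re.fullmatch(r'vlan\d+', n))
        if m := SKIP.match(line):
            skipped.update(expand(m.group(1), macros))
        elif (m := RDR.match(line)) and int(m.group(2)) == proxy_port:
            proxied.update(expand(m.group(1), macros))
    # Pitfall 1: the rdr can never match on an interface pf skips entirely.
    findings = [('rdr-on-skipped-interface', i) for i in proxied & skipped]
    # Pitfall 2: a vlan used in the ruleset has no rdr to ftp-proxy of its own.
    findings += [('vlan-without-ftp-proxy-rdr', v) for v in vlans - proxied]
    return sorted(findings)

if __name__ == '__main__':
    for problem, iface in lint_ftp_proxy(SAMPLE):
        print(f'{problem}: {iface}')
```

A vlan that is not meant to carry FTP will also be reported by the second check, so treat that finding as a prompt to review rather than an error.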
