FTP problems with pf on 3.9?

2009-05-13 03:08:31 Source: unknown


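Simpler than 3.8! I used to configure PF on 3.8 and found that NAT with FTP active mode had a few small problems. After 3.9 came out I tried installing it and found the problem completely solved. 3.9 rewrote ftp-proxy!
Just follow the default pf.conf and uncomment the ftp-proxy lines in it; inetd.conf no longer needs to be configured; add one ftp-proxy line to rc.conf.local.
# My rc.conf.local file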
pf=YES
ftpproxy_flags="" # for normal use: ""
ftpd_flags=-D # for non-inetd use: "-D"
# The key lines in pf.conf
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
nat on $ext_if from !($ext_if) -> ($ext_if:0)
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
anchor "ftp-proxy/*"
block in on $ext_if
pass out on $ext_if keep state
pass in on $ext_if proto tcp to ($ext_if) port 21 keep state
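
A quick way to confirm the migration is complete, as an added example that is not part of the original post or of OpenBSD itself: a shell function that checks the three files mentioned above for active (uncommented) settings. The function names check_ftp_proxy, active_lines and write_sample are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the post). Usage:
#   check_ftp_proxy /etc/pf.conf /etc/rc.conf.local /etc/inetd.conf

# Print a file without comments and blank lines, so commented-out rules
# (as shipped in the default pf.conf) are not counted as active.
active_lines() {
    sed -e 's/#.*$//' -e '/^[[:space:]]*$/d' "$1"
}

# Prints one line per problem and returns the number of problems found.
check_ftp_proxy() {
    pf=$1 rc=$2 inetd=$3 problems=0
    # The new proxy uses these anchors to allow data connections.
    for kw in nat-anchor rdr-anchor anchor; do
        if ! active_lines "$pf" | grep -Eq "^[[:space:]]*$kw[[:space:]]+\"ftp-proxy/\*\""; then
            echo "pf.conf: no active $kw \"ftp-proxy/*\""
            problems=$((problems + 1))
        fi
    done
    # Control connections must be redirected to the proxy on 127.0.0.1:8021.
    if ! active_lines "$pf" | grep -Eq \
        '^[[:space:]]*rdr[[:space:]].*port[[:space:]]+(ftp|21)[[:space:]].*->[[:space:]]*127\.0\.0\.1[[:space:]]+port[[:space:]]+8021'; then
        echo "pf.conf: no rdr of port ftp to 127.0.0.1 port 8021"
        problems=$((problems + 1))
    fi
    # rc.conf.local must enable the daemon; the last assignment wins.
    flags=$(active_lines "$rc" | grep -E '^[[:space:]]*ftpproxy_flags=' | tail -n 1)
    case $flags in
        '') echo "rc.conf.local: ftpproxy_flags is not set"
            problems=$((problems + 1)) ;;
        *=NO*|*='"NO"'*) echo "rc.conf.local: ftpproxy_flags=NO leaves ftp-proxy off"
            problems=$((problems + 1)) ;;
    esac
    # The old inetd entry must be gone or commented out.
    if [ -f "$inetd" ] && active_lines "$inetd" | grep -q 'ftp-proxy'; then
        echo "inetd.conf: ftp-proxy is still started from inetd"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: the post's settings written into directory $1.
write_sample() {
    printf '%s\n' 'nat-anchor "ftp-proxy/*"' 'rdr-anchor "ftp-proxy/*"' \
        'rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021' \
        'anchor "ftp-proxy/*"' > "$1/pf.conf"
    printf '%s\n' 'ftpproxy_flags="" # for normal use: ""' > "$1/rc.conf.local"
    printf '%s\n' '#127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy' > "$1/inetd.conf"
}
```

A return value of 0 means all checks passed; any other value is the number of problems printed.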

Actually, the docs spell it out clearly:
http://www.openbsd.org/faq/upgrade39.html#final

1.2. Operational changes
* ftp-proxy
ftp-proxy was replaced by what was previously called pftpx. The new ftp-proxy runs stand-alone and not from inetd.conf(5) as it used to. You will have to update /etc/inetd.conf to no longer invoke ftp-proxy, and update /etc/rc.conf and /etc/rc to run the new one. Edit rc.conf or rc.conf.local to invoke the new program, for example:
echo 'ftpproxy_flags=""' >> /etc/rc.conf.local
The new proxy uses anchors to allow data connections, which means that your existing /etc/pf.conf must be adapted. In the NAT section you need:
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
They are mandatory, even if you don't use NAT otherwise. The following rule, that is probably already there for the old ftp-proxy, must stay:
rdr pass on $int_if proto tcp from $lan to any port 21 -> \
