On Sun, Jan 15, 2017 at 12:26:41PM +0100, Sebastien Marie wrote:
> On Sun, Jan 15, 2017 at 11:04:39AM +0000, Mik J wrote:
> > Thank you Sebastien, it works.
> > I was confused because I tried so many things.
> > Yes the man tells "_ftp-proxy" and this page
> > https://www.openbsd.org/faq/pf/ftp.html#natserver tells "proxy"
> >
>
> Congratulations, you found two documentation bugs!
>
> The man page one was already committed by deraadt@, for the faq the
> following patch should do the work.

Indeed, thanks to both of you! > > Thanks. > -- > Sebastien Marie > > > Index: faq/pf/ftp.html > =================================================================== > RCS file: /cvs/www/faq/pf/ftp.html,v > retrieving revision 1.59 > diff -u -p -r1.59 ftp.html > --- faq/pf/ftp.html 19 Sep 2016 23:44:47 -0000 1.59 > +++ faq/pf/ftp.html 15 Jan 2017 11:22:23 -0000 > @@ -197,12 +197,12 @@ ftp_ip = "10.10.10.1" > match out on egress inet from $int_if nat-to (egress) > anchor "ftp-proxy/*" > pass in on egress inet proto tcp to $ext_ip port 21 > -pass out on $int_if inet proto tcp to $ftp_ip port 21 user proxy > +pass out on $int_if inet proto tcp to $ftp_ip port 21 user _ftp_proxy > </pre></blockquote> > > Here we allow the connection inbound to port 21 on the external interface, > as well as the corresponding outbound connection to the FTP server. > -The "user proxy" addition to the outbound rule ensures that only connections > +The "user _ftp_proxy" addition to the outbound rule ensures that only > connections > initiated by ftp-proxy(8) are permitted. > > <p> >
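
Review bot: The replacement name is spelled "_ftp_proxy" (underscores throughout) in both the rule line and the sentence below it, while the message quoted above reports the man page as saying "_ftp-proxy" (with a hyphen). The two spellings should be reconciled against the account ftp-proxy(8) actually runs as before this is committed, because a "user" match on any other name does not give the restriction the paragraph describes ("only connections initiated by ftp-proxy(8) are permitted"). Separately, the added prose line appears to have been wrapped in transit, leaving "connections" on a line of its own with no diff prefix; rewrapping the paragraph so the added line fits the line width would keep the patch applicable straight from the mail.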