You need to get your ftp-proxy setup right.
>
> *I am doing . Pls see below* . Is it right?
>
> AFAICT you just add the anchor, but do not do the "pass in to port 21
> rdr-to 127.0.0.7 port 8021".
>
ok. removed 2 rules with* "pass in to port 21 rdr-to 127.0.0.7 port 8021"*
> Later on you must grant the proxy access to external ftp servers. You
> can add the traffic to the ftp queue from there
>
> Added these rules instead. Now, rule set is like this. ( newly added rules
in BOLD )
# FTP Proxy rules
anchor "ftp-proxy/*"
*pass in quick on $int_if proto tcp from $student_pc to any port { 21 >
49151 } \
flags S/SA keep state queue student_in
*
*pass in quick on $int_if proto tcp from $lan_net to any port { 21 > 49151 }
\
flags S/SA keep state
*
pass in quick log on $int_if inet proto udp from $lan_net to !$int_if \
port $clientudpports keep state queue dns_in
*pass out log on $ext_if inet proto tcp from $ext_if to any \
port { 21 > 49151 } flags S/SA modulate state*
Now, Student gets the download speed of *80Kbps*.
Is this way is right? Is there a better way. If so, I would like to hear...
--
Thank you
Indunil Jayasooriya
