On the far end, the pf rules are simply

pass all

On this end the only rules that apply are:

scrub in no-df
nat on $ext_if from !($ext_if) -> ($ext_if:0)
rdr on $ext_if proto tcp from any to X.X.X.X/32 port ftp -> X.X.X.X port ftp

I tried using cuteftp on a windows box behind the far end, using PASV & EPSV. Still no luck. This must be possible.

Below I highlight the fact that they are windows clients connecting from behind the far end's firewall. It very well may be that any connection from any OS from behind the far end does not work. It does, however, work when I use an OpenBSD box that is connected directly to the Internet.

----- Original Message -----
From: "Price, Joe" <[EMAIL PROTECTED]>
To: <misc@openbsd.org>
Sent: Thursday, January 19, 2006 6:36 PM
Subject: windows -> pf -> inet -> pf -> ftpd [not working]

> I have a problem that when a Windows client tries to connect to this ftp
> site, windows explorer returns 'The operation timed out'.
>
> The setup is, windows box behind an openbsd PF (NAT enabled) through the
> public internet to another openbsd PF (NAT enabled) which has a rdr rule
> to redirect to another openbsd machine behind it running ftpd.
>
> I'm assuming the problem exists on one of the firewalls, or both. Is
> this something that ftp-proxy can fix?
>
> I know the ftp works because I can connect to it from the far end's
> openbsd box, just seems that I can't go through two NATs of PFs or
> something like that.
>
> Any help is appreciated.
>
> Thanks!