On Mon, Jan 30, 2006 at 02:12:54PM -0500, Price, Joe wrote:
> On the far end, the pf rules are simply pass all
>
> On this end the only rules that apply are:
>
> scrub in no-df
>
> nat on $ext_if from !($ext_if) -> ($ext_if:0)
>
> rdr on $ext_if proto tcp from any to X.X.X.X/32 port ftp -> X.X.X.X port
> ftp
>
>
> I tried using cuteftp on a windows box behind the far end, using PASV &
> EPSV.. Still no luck.
>
> This must be possible. Below I highlight the fact that they are windows
> clients connecting from behind the far end's firewall. It very well may
> be that any connection from any OS from behind the far end does not
> work. It does however, work when I use an OpenBSD box that is connected
> directly to thee Internet..
The example uses ftp-proxy (which is neat, BTW, and has been rewritten
for 3.9 too), and a pass rule which checks if the proper user is using
the port. You do not seem to have that one...
Joachim
