What does your pflog say? Try tcpdump on both interfaces and see what's going on. Also, you might want to pick up some reading on ftp-proxy(8) (reversed mode -R).

I run ftp-proxy like this:

    ftp-proxy -R 192.168.3.2 -m 15000 -M 16000 -r

And my pf looks like this:

    nat on $ext_if from 192.168.3.0/24 to any -> ($ext_if)

    block log all

    #Traffic must be allowed to pass the loopback interface
    pass quick on lo0 all

    #FTP server
    pass in log quick on $ext_if proto tcp from any to $ext_ip port 21 flags S/SA keep state
    pass in log quick on $ext_if proto tcp from any to $ext_ip port 15000:16000 flags S/SA keep state

Nils

-----Original Message-----
From: Pal Andras [mailto:[EMAIL PROTECTED]
Sent: Tuesday 21 March 2006 19:32
To: misc
Subject: Ftp problem

Hello Misc!

I have a problem with ftp connections. I made a server behind a firewall and I read the pf docs about the configuration. My external pf conf file looks like this:

    ext_if="dc0"
    int_if="dc1"
    ftp_server="10.5.5.3"

    nat on $ext_if from $int_if:network to any -> ($ext_if)

    rdr on dc0 proto tcp from any to any port 80 -> 10.5.5.3
    rdr on dc0 proto {udp,tcp} from any to any port 143 -> 10.5.5.3
    rdr on dc0 proto {udp,tcp} from any to any port 993 -> 10.5.5.3
    rdr on dc0 proto tcp from any to any port 25 -> 10.5.5.3
    rdr on dc0 proto tcp from any to any port 5432 -> 10.5.5.3
    rdr on dc0 proto tcp from any to any port 8821 -> 10.5.5.1
    rdr on dc0 proto tcp from any to any port 61 -> 10.5.5.4
    rdr on dc0 proto tcp from any to any port 2819 -> 10.5.5.4 port 2818
    rdr on dc0 proto tcp from any to any port 2820 -> 10.5.5.3 port 2818
    rdr on dc0 proto tcp from any to any port 21 -> $ftp_server port 21
    rdr on $ext_if proto tcp from any to any port 49152:65535 -> $ftp_server port 49152:65535

    pass in quick on $ext_if proto tcp from any to $ftp_server port 21 keep state
    pass in quick on $ext_if proto tcp from any to $ftp_server port > 49152 keep state
    pass out quick on $ext_if proto tcp from any to $ftp_server port > 49152 keep state
    pass out quick on $int_if proto tcp from any to $ftp_server port 21 keep state

I can connect to the server from my router but can't from the other machines behind the router.
I tried behind my neighbour's wireless router too; it did the same. My ftp client message was:

    Data connection timed out.
    Falling back to PORT instead of PASV mode.
    List failed.

I think it means that the client connected to the server but it couldn't list the directory. I can connect and list directories on other ftp servers from anywhere. Are there any other server side (pf side) configurations?

Thanks a lot for your help and sorry for that stupid question.

--
ANDRAS PAL
D i g i t a l Influence
E-mail: [EMAIL PROTECTED]
Hungary
Web: http://www.digitalinfluence.hu http://www.fpower.hu http://www.ifce.hu