On Tuesday 21 August 2007, Stuart Henderson wrote: > in -current ftp-proxy can add tags, you can then pass the traffic > using a rule that matches those tags (e.g. "tagged ftpproxy") and set > a label on that pass rule.
Hello, Was actually looking at that last night but it didn't work the way I expected. I guess I don't know exactly when the tag gets applied. Scenario: 'ftp=proxy -T FTP_PROXY', anchors and rdr in place. With pass rule: pass out on $ext_if proto tcp from ($ext_if) to any port 21 tagged FTP_PROXY flags S/SA keep state ftp client on network fails if I remove the 'tagged' portion: pass out on $ext_if proto tcp from ($ext_if) to any port 21 flags S/SA keep state ftp client works fine Where am I going wrong? Thanks. -- Chris
