Knitti,

Thanks, I created another instance of ftp-proxy with these options:

-p 8021 127.0.0.1

...and put in my rdr this rule:

rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021

Everything seems to work now, I can ftp out and people can ftp in :)

My question though is why did you give this rdr rule?

rdr pass on $int_if proto tcp from any to !$ftp_server port ftp -> 127.0.0.1 port 8022

What special feature does switching "any" to !$ftp_server add to the pf rules? Should I modify mine to also say that?

Thanks,
- Jake

On Nov 8, 2007 4:39 AM, knitti <[EMAIL PROTECTED]> wrote:
> On 11/8/07, Jake Conk <[EMAIL PROTECTED]> wrote:
> > Ok I understand I'm supposed to have another instance of ftp-proxy
> > running so that it can open up ports on my router to allow data
> > connections to be established from remote hosts but I'm not sure how I
> > should configure ftp-proxy for that and my pf... Let's start with
> > ftp-proxy first then handle pf...
> >
> > Since I got 1 instance of ftp-proxy already running to redirect
> > incoming ftp traffic to a local server in my network I must have
> > another one on a different port so for that I'm starting with...
> >
> > `ftp-proxy -p 8022`
> >
> > Ok and I think I have to tell ftp-proxy to only listen on its local IP
> > because we are trying to connect our local servers to public servers
> > so I would add that to the command:
> >
> > `ftp-proxy -p 8022 -a 192.168.10.1`
>
> you need 127.0.0.1 in any case, because of the rdr in pf.conf
>
> >
> > I wasn't sure to use -a or -b so if I'm doing this wrong someone
> > please correct me.
> >
> > 1) So now on the ftp-proxy configuration is there anything else I need
> > to add?
> > 2) Where's a good place to look on how to configure my packet
> > filtering (pf) to work with the second instance of ftp-proxy and allow
> > me to connect to outside (public) ftp servers
>
> look at your pf.conf, you have commented out the line. you should change
> it to about this:
>
> rdr pass on $int_if proto tcp from any to !$ftp_server port ftp -> 127.0.0.1 port 8022
>
> of course I didn't test this, but you get the idea
>
> --knitti