On 19:12:32 Nov 28, Jake Conk wrote:
> #1 server: 200 PORT command successful - not using PASV eh?\r\n

You are using active mode ftp which requires the rdr-anchor. 

See below.

> #1 active: server to client port 32818 via port 50073
> #1 client: LIST\r\n
> #1 server: 425 Timeout establishing data connection - Broke your
> packet filters again eh?\r\n
> ^Cftp-proxy exiting on signal 2
> #1 ending session

It could not open nor redirect the data connection.

See below.

 
> # NAT anchor for ftp proxy
> nat-anchor "ftp-proxy/*"
> 

You should attach the rdr-anchor "ftp-proxy/*"

right here. NOT below.

> 
> # RDR: packets coming in on $ext_if with destination $external_addr:1234 will
> # be redirected to 10.1.1.1:5678. A state is created for such packets, and
> # outgoing packets will be translated as coming from the external address.
> # rdr on $ext_if proto tcp from any to $external_addr/32 port 1234 -> 10.1.1.1 port 5678
> # rdr outgoing FTP requests to the ftp-proxy
> rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021

This should be below the ftp-proxy rdr anchor.

[...]

> 
> # RDR anchor for ftp-proxy
> rdr-anchor "ftp-proxy/*"
> 

It is too late to rdr here. It is clearly mentioned in the ftp-proxy(8)
man page that this redirection should _precede_ the ftp-proxy(8) rdr.

This change will surely work.

If it doesn't then try passive mode.

In any case please do exactly as mentioned in ftp-proxy(8) man page.

Best of luck!

-Girish
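
The ordering asked for in the reply above can be checked mechanically. The following is an added example, not part of the original message or of ftp-proxy itself: a small Python check that reports when `rdr-anchor "ftp-proxy/*"` appears after the rdr rule that sends port ftp to the proxy. The function name and the two sample rulesets are constructed from the rules quoted in the thread.

```python
import re

# Matches the anchor that ftp-proxy(8) loads its per-session rdr rules into.
ANCHOR_RE = re.compile(r'^rdr-anchor\s+"ftp-proxy/\*"')
# Matches an rdr rule sending FTP control traffic to a proxy on loopback.
FTP_RDR_RE = re.compile(
    r'^rdr\s.*\bport\s+(?:ftp|21)\s*->\s*127\.0\.0\.1\s+port\s+\d+')


def check_ftp_proxy_order(pf_conf):
    """Return a list of problems; an empty list means the order is as advised."""
    anchor_line = rdr_line = None
    for number, raw in enumerate(pf_conf.splitlines(), 1):
        # Drop comments (assumption: no '#' inside quoted strings).
        line = raw.split("#", 1)[0].strip()
        if anchor_line is None and ANCHOR_RE.match(line):
            anchor_line = number
        elif rdr_line is None and FTP_RDR_RE.match(line):
            rdr_line = number
    problems = []
    if anchor_line is None:
        problems.append('rdr-anchor "ftp-proxy/*" is missing')
    if rdr_line is None:
        problems.append("no rdr rule sends port ftp to a proxy on 127.0.0.1")
    if anchor_line and rdr_line and anchor_line > rdr_line:
        problems.append(
            f"rdr-anchor on line {anchor_line} comes after "
            f"the ftp rdr on line {rdr_line}")
    return problems


# Constructed samples: the order quoted in the thread, then the advised order.
AS_POSTED = '''\
nat-anchor "ftp-proxy/*"
rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021
rdr-anchor "ftp-proxy/*"
'''
AS_ADVISED = '''\
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021
'''

if __name__ == "__main__":
    for name, text in (("as posted", AS_POSTED), ("as advised", AS_ADVISED)):
        print(name, "->", check_ftp_proxy_order(text) or "ok")
```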
