Hi list, I was trying to set up ftp-proxy for use with a client (OpenBSD 4.6 workstation, passive ftp only) behind a firewall (4.5).
I have set up pf.conf on the firewall according to pf user's guide. All ftp-proxy anchors have been put first (nat/rdr before any nat/rdr rules, filtering before any filtering rules) so other rules should not affect them (filtering rules inserted by ftp-proxy are "quick" according to man, and first nat/rdr rule wins anyway).

I use:

    set skip on lo

(as I usually do) and:

    ftp-proxy -d -D 7

(for debugging).

From my understanding the line

    rdr on $client_if proto tcp from $client to any port ftp -> \
        127.0.0.1 port 8021

should cause the incoming connection to be 1. redirected, 2. not filtered (skip on lo), 3. reach ftp-proxy and therefore 4. enable ftp-proxy to populate the anchors.

However, this seems not to happen (no connection, no output from ftp-proxy).

When I add something like:

    pass in on $client_if from $client to any

ftp-proxy lets me connect to the external ftp server (debug output of ftp-proxy is as one would expect it).

But even something like:

    pass in on $client_if proto { tcp udp } from $client \
        to any port ftp

does not work (and as explained above I would think that this is not necessary at all).

Any ideas?