Greetings,
In trying to diagnose a problem with ftp-proxy, I stumbled upon something with pf's rdr that I cannot explain.
Assume a simple firewall ruleset. I had the following rdr line:
rdr pass on $ext_if proto tcp from any to any \
    port 21 -> 127.0.0.1 port 2121
That line, along with the other lines from the ftp-proxy examples in pf.conf(5) and ftp-proxy(8), makes outbound ftp from LAN clients get redirected to the local ftp-proxy as expected. However, outbound ftp
I kinda doubt that. rdr is only applicable to packets on ingress. Your rdr rule should be applied to your LAN interface, not your Internet interface.
My question is, is this the expected behavior, and is there any way I can get the results I had hoped for?
Use passive ftp? (which ftp(1) defaults to anyways)
.joel