The rule:

    pass in on $int_if inet proto tcp to any port ftp \
        rdr-to 127.0.0.1 port 8021

in the example ruleset on http://www.openbsd.org/faq/pf/example1.html does not work for active ftp from NATted hosts.

There are three solutions which all work.

A> make it "pass in quick ....."
B> move the rule as-is to the end of the file. (Last match wins......)
C> move the rule up to the match rules and change "pass" to "match"

Which do you prefer?

*** NOTE *** Please DO NOT CC me. I <am> subscribed to the list.
Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thank you.

Rod/
---
This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it.
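
Added example, not part of the original post and not pf code: a small Python model of last-match evaluation showing why each of the three variants above keeps the redirect to 127.0.0.1 port 8021. It assumes the redirect is lost because a later, broader pass rule for the internal interface matches last; the Rule class, the evaluate() function and the sample rulesets are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    action: str                    # "match", "pass" or "block"
    dport: Optional[int] = None    # None means any destination port
    rdr_to: Optional[str] = None   # redirect target carried by the rule
    quick: bool = False            # stop evaluating when this rule matches


def evaluate(rules, dport):
    """Return (verdict, redirect) for a TCP packet to dport on the internal interface.

    Simplified model: a match rule applies its rdr-to as soon as it is hit,
    a pass rule's rdr-to only counts if that rule is the last one to match,
    and quick ends evaluation at the matching rule.
    """
    verdict, redirect, sticky = "pass", None, None   # implicit default is pass
    for r in rules:
        if r.dport is not None and r.dport != dport:
            continue
        if r.action == "match":
            sticky = r.rdr_to or sticky
            continue
        verdict, redirect = r.action, r.rdr_to       # last match wins
        if r.quick:
            break
    return verdict, (redirect or sticky) if verdict == "pass" else None


# Constructed rulesets. CATCH_ALL stands in for an assumed later
# "pass in on $int_if"-style rule that carries no rdr-to.
FTP = dict(dport=21, rdr_to="127.0.0.1:8021")
BLOCK = Rule("block")
CATCH_ALL = Rule("pass")

ORIGINAL = [Rule("pass", **FTP), BLOCK, CATCH_ALL]
OPTION_A = [Rule("pass", quick=True, **FTP), BLOCK, CATCH_ALL]   # pass in quick
OPTION_B = [BLOCK, CATCH_ALL, Rule("pass", **FTP)]               # rule moved to the end
OPTION_C = [Rule("match", **FTP), BLOCK, CATCH_ALL]              # pass changed to match

if __name__ == "__main__":
    for name in ("ORIGINAL", "OPTION_A", "OPTION_B", "OPTION_C"):
        print(name, evaluate(globals()[name], 21))
```
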