Hello Gilberto,

No, that wouldn't work, there is no sense in adding a nat rule to the
internal interface.

I just found out why it didn't work. All this time, I was using active
ftp on my ubuntu box. when i switched to passive, it all worked like a
charm. found it on some forum archive .. forgot the link. on linux the
env setting for passive ftp doesn't work.. .i never knew that.. you
have you add -p to the ftp command or start it using pftp..

On 8/14/06, Gilberto Villani Brito <[EMAIL PROTECTED]> wrote:
Try using this rule:
nat on $int_if from any to any port 21 -> port 8021


2006/8/13, Ivan Levchenko < [EMAIL PROTECTED]>:
Hi everybody,

having some troubles with ftp-proxy on my gateway at home: the darn
thing gets me connected to an outside ftp server, but won't let me do
anything else with it.

the gateway computer is freebsd (it is running pf with nat to share
and secure a pppoe connection); the client computer is running kubuntu

here is what i get when trying to connect to a ftp server behind the nat:

$ ftp ftp.freebsd.org
Connected to ftp.freebsd.org .
220 ftp.FreeBSD.org NcFTPd Server (licensed copy) ready.
Name (ftp.freebsd.org:ivan): ftp
331 Guest login ok, send your complete e-mail address as password.
230-You are user #112 of 1000 simultaneous users allowed.
230 Logged in anonymously.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
550 Data connection must go to same host as control connection.
ftp: bind: Address already in use

or i get this error when connecting to a different ftp server (vsftpd):
500 Illegal PORT command.
ftp: bind: Address already in use.

i read the ftp-proxy and pf.conf man pages and have google-ed more
than my brain can comprehend but still no answer for this.

i attached the conf files for pf.conf and inetd.conf

any help (the right keyword to google with will be nice too!!!) will be

Best Regards,

Ivan Levchenko

freebsd-pf@freebsd.org mailing list
To unsubscribe, send any mail to "

Best Regards,

Ivan Levchenko
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to