I have an internal ftp server.
To give access to it from the Internet I use ftp-proxy:

ftpproxy_flags="-R ftp_server -p 21 -b ext_ip"

and rules:

anchor "ftp-proxy/*"
pass in on $ext_if inet proto tcp from any to (em1) port ftp
pass out on $int_if inet proto tcp from any to <ftp_server> port ftp user proxy

and this works. But I also need to give access to external ftp servers from my LAN.
I use these rules:

match out on $ext_if inet proto tcp from <lan> to any nat-to (em1)
pass in on $int_if inet proto tcp from <lan> to any port { ftp, >49151 }
pass out on $ext_if inet proto tcp from (em1) to any port { ftp, >49151 }

and it does not work from the LAN:

ftp> open ftpserver
Connected to ftpserver.
220 www.ftpserver FTP server ready.
User (ftpserver:(none)): user
331 Password required for user.
Password:
230 User user logged in.
ftp> dir
500 Illegal PORT rejected (address wrong).
425 Can't build data connection: Connection refused.
ftp> dir
425 Can't build data connection: Connection refused.
ftp> quit
221 Goodbye.

What is wrong with my config?
Thanks.
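An added example, not part of the original post. The server's "500 Illegal PORT rejected (address wrong)" is what an FTP server answers when an active-mode client behind NAT sends a PORT command that still carries its private LAN address: the rules above push LAN FTP control connections straight out through nat-to, so nothing rewrites the PORT payload and nothing opens the data connection. The fragments below keep the post's reverse-mode proxy for the inbound side and add a second, forward-mode ftp-proxy for LAN clients, following the rdr-to form of the ftp-proxy(8)/pf.conf(5) examples from the same nat-to era as the post. Interface and table names come from the post; 127.0.0.1 port 8021 is ftp-proxy's default listen address; starting the second instance from rc.local is an assumption, since rc.conf.local carries only one ftpproxy_flags line.

```pf
# /etc/rc.conf.local: reverse-mode instance for the internal server (from the post).
ftpproxy_flags="-R ftp_server -p 21 -b ext_ip"

# /etc/rc.local (assumption: second instance started by hand).
# Forward mode, default listen address 127.0.0.1 port 8021.
/usr/sbin/ftp-proxy

# /etc/pf.conf
anchor "ftp-proxy/*"

# Inbound: Internet -> internal server through the reverse-mode proxy (from the post).
pass in on $ext_if inet proto tcp from any to (em1) port ftp
pass out on $int_if inet proto tcp from any to <ftp_server> port ftp user proxy

# Outbound: LAN -> Internet.
match out on $ext_if inet proto tcp from <lan> to any nat-to (em1)

# Redirect LAN clients' FTP control connections to the forward-mode proxy
# instead of NATing them out directly. 'quick' makes this win over the
# generic pass rules below. The proxy rewrites PORT/PASV with the firewall's
# external address and inserts the rules for each data connection into the
# "ftp-proxy/*" anchor, so no fixed >49151 opening is needed for it.
pass in quick on $int_if inet proto tcp from <lan> to any port ftp \
    rdr-to 127.0.0.1 port 8021
pass out on $ext_if inet proto tcp from (em1) to any port ftp user proxy

# Rest of the LAN rules as in the post.
pass in on $int_if inet proto tcp from <lan> to any port { ftp, >49151 }
pass out on $ext_if inet proto tcp from (em1) to any port { ftp, >49151 }
```

Check the result with `pfctl -nf /etc/pf.conf` before loading, and confirm both proxies are listening with `netstat -an -f inet | grep -e '\.21 ' -e '\.8021 '`; once the forward proxy is in the path, `pfctl -a 'ftp-proxy/*' -sr` shows the per-session rules it adds while a LAN client has a transfer open.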
