I'm beginning to wonder if I'm being dense and missing something brutally simple. I've looked at the pf FAQ, paid special attention to the FTP section, and even used identical configuration without success.
The problem is that with passive mode, the client is actively attempting to connect to the server. Port numbers on either end cannot be predicted, and the block all rule denies the outgoing connection since the client is in $untrusted.

Any further ideas?

--david

On 2/18/06, Darrin Chandler <[EMAIL PROTECTED]> wrote:
> David Higgs wrote:
>
> >After reading the man pages for pf.conf and ftp-proxy, it's not 100%
> >clear to me how I should go about supporting ftp. I have a basic
> >2-nic obsd box doing nat for my internal network, and run ftp-proxy
> >with the -n flag. The relevant portions of my pf.conf are shown
> >below:
> >
> >
> Don't forget the pf faq! Lots of good stuff there, and some simple,
> commented examples (yes, with ftp).
>
> --
> Darrin Chandler | Phoenix BSD Users Group
> [EMAIL PROTECTED] | http://bsd.phoenix.az.us/
> http://www.stilyagin.com/ |

