On Thu, 18 Mar 2010, Vadim Zhukov wrote:

>On 17 March 2010 c. 00:43:34 Simon Perreault wrote:
>> J.C. Roberts wrote:
>> >    match out on ? proto tcp from ? to any port ftp \
>> >    rdr-to 127.0.0.1 port 8021
>>
>> You can't do that. rdr-to only works on input.
>>
>> > Without testing it, I don't know how the potential loop can be
>> > avoided, or if it even needs to be avoided (note the "match out"
>> > example for isakmp in the pf.conf(5) man page).
>>
>> That example uses nat-to, which only works on output.
>
>Things were changed in -CURRENT a bit, see
>http://marc.info/?l=openbsd-cvs&m=125486449001455&w=2 for example.

Neat!

While it clearly doesn't work as of that commit, it appears that we'll
eventually be able to do something like the above 'match'.

After that, it's probably just a 'simple' matter of ensuring that
ftp-proxy understands connections originating from the same system it's
running on.

        Dave

-- 
Dave Anderson
<[email protected]>
