I have an internal ftp server running on the 192.0.0.* range. My pf.conf has the
following variables to define the port and the server, and the following rdr and pass
rules:
    FtpServer="192.168.0.2"
    tcp_allow="{ 22, 7778 }"
    rdr on $ExtIF proto tcp from any to any port 7777 -> $FtpServer
    pass in on $ExtIF inet proto tcp from any to $ExtIF port $tcp_allow \
        flags S/SA modulate state
With those rules, you cannot connect to the ftp server from the outside. I thought
that it might be due to the variables, but upon reading and testing, that is not the
case. pfctl -s rules translates this rule to the following (X.X.X.X being my ip):
    pass in on dc0 inet proto tcp from any to X.X.X.X port = 7777 flags S/SA modulate state
If I change the rule to not use variables, the rule is the following:
    pass in on $ExtIF inet proto tcp from any to any port 7778 flags S/SA modulate state
You can connect, but not list directories. pfctl -s rules translates this to the
following:
    pass in on dc0 inet proto tcp from any to any port = 7778 flags S/SA modulate state
Is there an error in the rules that prevents me from listing directories on the ftp
server?
This question could already be answered, but I have searched the archives and the man
and faq pages, and I have been unable to find an answer. This could also be an error
on my part, as I have been unable to fix it.
Jon
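Added example, not part of Jon's post and not pf code: a small Python script that makes the "can connect but cannot list" symptom visible. A directory listing in passive mode is a second TCP connection to whatever address and port the server announces in its 227 reply, so it has to be covered by an rdr and a pass rule of its own. The script parses a constructed 227 reply, reduces the rules from the post to the ports they cover (a simplified model, not a pf rule evaluator; it ignores pf's translation order), and lists what would block each connection. The external address 203.0.113.10 stands in for the X.X.X.X in the post.

```python
import re

# Constructed sample 227 reply, as an FTP server sends in passive mode
# (RFC 959: h1,h2,h3,h4 are the address octets, port = p1 * 256 + p2).
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (192,168,0,2,195,80)"

# Rules from the post, reduced to the ports they cover (constructed model).
RDR_PORTS = {7777}            # rdr ... port 7777 -> $FtpServer
PASS_PORTS = {22, 7778}       # tcp_allow
EXTERNAL_IP = "203.0.113.10"  # placeholder for X.X.X.X in the post

PASV_RE = re.compile(
    r"^227\b.*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply):
    """Return (ip, port) advertised by a 227 PASV reply, or raise ValueError."""
    m = PASV_RE.search(reply.strip())
    if not m:
        raise ValueError("not a 227 Entering Passive Mode reply: %r" % reply)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in PASV reply: %r" % reply)
    ip = ".".join(str(o) for o in fields[:4])
    port = fields[4] * 256 + fields[5]
    return ip, port


def control_channel_problems(port, rdr_ports, pass_ports):
    """Reasons an outside client's control connection to `port` would fail."""
    problems = []
    if port not in rdr_ports:
        problems.append("no rdr rule forwards port %d to the server" % port)
    if port not in pass_ports:
        problems.append("no pass rule admits port %d" % port)
    return problems


def data_channel_problems(reply, rdr_ports, pass_ports, external_ip):
    """Reasons the data connection (LIST, RETR, ...) opened after `reply` would fail.

    The client connects to the address and port the server advertised, so the
    address must be the one reachable from outside and the port must be both
    redirected and passed. Returns an empty list if nothing obvious blocks it.
    """
    ip, port = parse_pasv(reply)
    problems = []
    if ip != external_ip:
        problems.append("server advertises %s, not the external address %s"
                        % (ip, external_ip))
    problems.extend(control_channel_problems(port, rdr_ports, pass_ports))
    return problems


if __name__ == "__main__":
    # First ruleset from the post: control port 7777 is redirected but not passed.
    print("control 7777:", control_channel_problems(7777, RDR_PORTS, PASS_PORTS) or "ok")
    # Second ruleset: control port 7778 is passed, but the data channel still fails.
    print("control 7778:", control_channel_problems(7778, {7777, 7778}, PASS_PORTS) or "ok")
    for reason in data_channel_problems(SAMPLE_PASV_REPLY, RDR_PORTS, PASS_PORTS, EXTERNAL_IP):
        print("data channel:", reason)
```

The constructed reply advertises the server's private address and an unforwarded high port, so all three checks fail for the data connection even when the control connection succeeds, which matches the symptom in the post. Because the data port changes on every listing, static rdr/pass rules cannot cover it; OpenBSD's pf ships ftp-proxy(8) to rewrite the 227 reply and open the matching rule on demand, and the script here only makes the underlying mismatch visible.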