I am a bit confused about your setup.. I guess you are talking about a
firewalled ftp server. Please, correct me if I am wrong..
> #FTP rules
> pass in quick log on $outside proto tcp from any to $ftp_server port {
> 20, 21 } keep state
> pass out quick log on $outside proto tcp from $ftp_server port 1023 ><
> 5000 to any flags S/SA keep state
> (MS ftp uses ports 1023-5000 for passive ftp by default)
Humm.. IMO, the correct rule should be:
pass in quick log on $outside proto tcp from any to \
$ftp_server port 1023 >< 5000 flags S/SA keep state
In a passive session, the remote party establishes the data connection, so you
have to change the rule direction. Take a look at
http://openbsd.org/faq/pf/ftp.html#natserver for more info.
> I've now upgraded to 3.3, and I am still experiencing the same issue.
> Aside from help with the above, does 3.3 need the ftp-reverse-proxy
> patch?
Probably not.. I have a working ftp server behind a nat box.. :)
Tiago
--
Tiago Pierezan Camargo <elessar at matrix dot com dot br>
"VI VI VI The editor of the beast."
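
Added example, not part of the original message: a small Python check that parses a server's PASV reply, derives the data port, and tests the first SYN of the passive data connection against a simplified model of the two rules discussed above. The reply string, the 192.0.2.10 address and the rule dictionaries are constructed for illustration; this is not pf itself, only its direction and `><` port test.

```python
import re

# pf's "a >< b" operator is an exclusive range: a < port < b.
# Bounds taken from the "port 1023 >< 5000" rule quoted in the thread.
PASSIVE_LOW, PASSIVE_HIGH = 1023, 5000

def parse_pasv(reply):
    """Return (host, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    m = re.search(r"\((\d{1,3}(?:,\d{1,3}){5})\)", reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a PASV reply: %r" % reply)
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def in_passive_range(port):
    """Same test pf applies for 'port 1023 >< 5000' (both ends excluded)."""
    return PASSIVE_LOW < port < PASSIVE_HIGH

# Simplified model (an assumption of this example) of the two rules:
# the direction on $outside and which side of the packet carries the
# server's passive port.
ORIGINAL_RULE = {"dir": "out", "server_port_is": "src"}   # pass out ... from $ftp_server port ...
CORRECTED_RULE = {"dir": "in", "server_port_is": "dst"}   # pass in ... to $ftp_server port ...

def passive_data_syn(server_port):
    """First SYN of a passive data connection: client -> server, inbound on $outside."""
    return {"dir": "in", "server_port_is": "dst", "server_port": server_port}

def rule_passes(rule, pkt):
    return (rule["dir"] == pkt["dir"]
            and rule["server_port_is"] == pkt["server_port_is"]
            and in_passive_range(pkt["server_port"]))

if __name__ == "__main__":
    reply = "227 Entering Passive Mode (192,0,2,10,12,34)"  # constructed sample
    host, port = parse_pasv(reply)
    syn = passive_data_syn(port)
    print("data connection goes to %s:%d" % (host, port))
    print("original 'pass out' rule matches:", rule_passes(ORIGINAL_RULE, syn))
    print("corrected 'pass in' rule matches:", rule_passes(CORRECTED_RULE, syn))
```

Because `><` excludes both ends, a server that hands out port 5000 exactly would still be blocked by either rule.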