I am trying out pf on a new environment I'm building and I must say that I'm impressed. I have come from the ipfilter world.
One difference though is the lack of the in-kernel proxy/translation, specifically for ftp.
For various reasons, I have a network that uses unregistered addresses that I expose to the internet via static NAT. I need to allow ftp from the outside in, which works as long as it's active, but of course passive mode doesn't work.
I know that some don't agree with this approach (using static NAT), but it's convenient for me for various reasons, and I'd really like to get inbound ftp working via ftp-proxy. Has anyone done this? Care to share your ruleset?
I am running pf 2.02 on FreeBSD 5.2.
Thanks, Tim
