Hi, I'm running a FreeBSD-CURRENT box with pf and pftpx as a NAT router for my local network. I have the following rdr rules:
rdr-anchor "pftpx/*"
no rdr inet proto tcp from any to 192.168.1.1 port 21
rdr inet proto tcp from any to any port 21 -> 127.0.0.1 port 8021

The no rdr rule just makes the local ftp server work as expected and prevents redirection loops. The second is supposed to actually redirect all outgoing ftp connections through pftpx. Unfortunately this only catches connections coming in via the internal interface bound for the internet. FTP connections originating on the machine itself don't work. They never get redirected but leave directly via the external interface. So pftpx doesn't see them to add the proper firewall rules. Consequently the return connections for active ftp and high-port data connections for passive ftp bounce at the firewall. Is there a workaround or proper solution for this (possibly including a rant about my brain damage ;) ?

--
bye, Micha
