i'm running freebsd 5.4 with only one nic (single user until i get a
router) so i don't think i can do nat. i've had no luck in getting the
damn thing to ftp. i added to the /etc/inetd.conf file the line
ftp-proxy:  
stream  tcp     nowait  root    /usr/libexec/ftp-proxy  ftp-proxy

and my /etc/pf.conf so far:

extif = "vr0"
tcpservices = "{ 20, 21, 25, 53, 67, 68, 80, 110, 123, 546, 631 }"
udpservices = "{ 20, 21, 25, 53, 67, 68, 80, 110, 123, 546, 631 }"
dhcp = "10.118.160.1"
icmptypes = "echoreq"
privnets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

scrub in all

rdr pass on $extif proto tcp from any to any port 21 -> 127.0.0.1 port 8021

block all
block drop in  log quick on $extif from $privnets to any
block drop out log quick on $extif from any to $privnets
block drop in  log quick on $extif proto icmp all

pass quick on lo0

pass out quick log on $extif proto udp from ($extif) port 68 to $dhcp port 67 keep state
pass in  quick log on $extif proto udp from ($dhcp)  port 67 to ($extif) port 68 keep state

pass out quick on $extif proto tcp from ($extif) to any port $tcpservices keep state
pass out quick on $extif proto udp from ($extif) to any port $udpservices keep state

pass out inet proto icmp all icmp-type $icmptypes keep state

pass out quick on $extif inet proto udp from any to any port 22:23 keep state
pass in quick on $extif inet proto udp from any to any port 22:23 keep state
pass out quick on $extif inet proto tcp from any to any port 22:23 keep state

pass in quick on $extif inet proto tcp from  any to ($extif) user proxy keep state

i really hate asking for help but i've exhausted every site and faq on
the web and it all points to nat, so do i have to install a dummy card
to get this to work or can i just adjust the rule set? lastly, as you
can see from my conf, i'm trying to log all rfc 1918 addresses and my
isp's dhcp server inbound but so far i only get rule four (4) to log
<the expansion of the privnets macro>. any help would be appreciated
greatly. peace


*is this the door where i came in?
-- 
  frederick thomas
  [EMAIL PROTECTED]
