On 03/18/2006 05:26:22 PM, Paul Moore wrote:
> The problem doesn't seem to be that nat is not working, but rather
> the ftp server is sending out its internal ip in the data stream when
> the data-port info is sent to the client.

This is the point of ftp-proxy, to deal with the network information
encoded in the application layer. (As I understand it, there
is no reason to have this done in the kernel so pf does it in
user space.) As long as you're going there you
may want to use the ftp-proxy that's going into 3.9 so you don't
have to rewrite your rules to make them pretty. You can use simpler
pf rules with the new ftp-proxy than with the old. I forget what
the new one is called pre-3.9. (Once in 3.9 it's just ftp-proxy.)
Karl <[EMAIL PROTECTED]>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
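
The address leak described in the quoted text, and the control-channel rewrite an FTP-aware proxy has to perform, shown as an added example that is not part of the original message and is not ftp-proxy's own code. The function names, the internal network 192.168.1.0/24 and the external address 203.0.113.5 are assumptions made for illustration, and a real proxy must also arrange for the data connection itself to be forwarded.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as carried in PORT commands and 227 replies (RFC 959)
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Assumed addressing, constructed for this example
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
EXTERNAL_IP = "203.0.113.5"


def parse_hostport(line):
    """Return (IPv4Address, port) from a PORT command or 227 reply, else None."""
    if line[:4].upper() not in ("PORT", "227 "):
        return None
    m = HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None  # not a valid octet sequence
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return addr, nums[4] * 256 + nums[5]


def rewrite_line(line, internal_net=INTERNAL_NET, external_ip=EXTERNAL_IP):
    """Replace an internal address in a control-channel line with the external one."""
    parsed = parse_hostport(line)
    if parsed is None:
        return line  # not a line that carries data-port info
    addr, port = parsed
    if addr not in internal_net:
        return line  # already routable from the client's side
    new = external_ip.replace(".", ",") + ",%d,%d" % (port >> 8, port & 0xFF)
    return HOSTPORT.sub(new, line, count=1)


if __name__ == "__main__":
    # Constructed control-channel lines, as a client outside the NAT would see them
    for sample in ("230 Login successful.",
                   "227 Entering Passive Mode (192,168,1,10,195,80)"):
        print(sample, "->", rewrite_line(sample))
```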