>
> For example, a real outgoing ftp rule has this for ipf.conf:
>
> pass out proto tcp from $ME to $YOU port = 21 flags S keep state
>
> with a corresponding NAT rule like this:
>
> map $MY_IF from $ME/32 to $YOU/32 port = 22 -> $ME/32
>
> Note this doesn't really NAT anything, it just triggers the "proxy" to
> do protocol examination and open ephemeral ports, etc.
>
Gah, sorry, cut and paste error. The nat rule should be:

map $MY_IF 0/0 -> 0/32 proxy port 21 ftp/tcp

The other rdr rule was correct afaik. Sorry!

Paul
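
The "protocol examination" mentioned in the quoted text, as an added example that is not part of the original message and is not IPFilter's code: a simplified Python model of how an FTP-aware helper reads PORT commands and 227 replies on the control channel to decide which data connection to allow. The function names, the address-match and low-port checks, and the sample session (documentation addresses) are assumptions of this example.

```python
import re

# Six comma-separated decimal fields: h1,h2,h3,h4,p1,p2 (RFC 959).
_SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
_PORT_RE = re.compile(r"^PORT " + _SIX + r"\r?\n?$", re.I)
_PASV_RE = re.compile(r"^227 .*?" + _SIX)

def data_endpoint(line):
    """Return (kind, host, port) for a PORT command or 227 reply, else None."""
    for kind, rx in (("active", _PORT_RE), ("passive", _PASV_RE)):
        m = rx.match(line)
        if m:
            nums = [int(f) for f in m.groups()]
            if any(n > 255 for n in nums):
                return None  # malformed field, nothing is opened
            host = ".".join(str(n) for n in nums[:4])
            return kind, host, nums[4] * 256 + nums[5]
    return None

def pinholes(control_lines, client_ip, server_ip):
    """Temporary (src, dst, dst_port) openings derived from one control session.

    Example policy (an assumption, not IPFilter's): the advertised address
    must be the peer that sent the line, and the port must be >= 1024.
    """
    holes = []
    for sender, line in control_lines:
        ep = data_endpoint(line)
        if ep is None:
            continue
        kind, host, port = ep
        expected = client_ip if kind == "active" else server_ip
        if sender != expected or host != expected or port < 1024:
            continue  # third-party address or privileged port: ignore
        # active: server connects back to client; passive: client connects to server
        src = server_ip if kind == "active" else client_ip
        holes.append((src, host, port))
    return holes

# Constructed sample control-channel traffic as (sender, line) pairs.
SAMPLE = [
    ("192.0.2.10", "USER anonymous\r\n"),
    ("192.0.2.10", "PORT 192,0,2,10,195,80\r\n"),
    ("198.51.100.5", "227 Entering Passive Mode (198,51,100,5,234,96)\r\n"),
    ("192.0.2.10", "PORT 203,0,113,9,0,22\r\n"),  # names a third host
]

if __name__ == "__main__":
    for hole in pinholes(SAMPLE, "192.0.2.10", "198.51.100.5"):
        print(hole)
```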