As of 0.86.4 there should be an automatic ftp helper that is launched
for internet -> lan ftp redirections.  Make sure you're on the latest
version.

Scott


On 10/10/05, Jonathan Gonzalez <[EMAIL PROTECTED]> wrote:
> Hi Dave [hi all],
>
> When I said passive ftp I was thinking of allowing passive ftp to work
> from external clients to my server, which is hosted behind pfsense.
>
> I understand that your comment only applies to internal to external
> connections, doesn't it?
>
> TIA,
> Rgds,
>
> jonathan
>
>
>
> On 10/10/05, Dave <[EMAIL PROTECTED]> wrote:
> > Hi,
> >     I've got passive ftp going, here's the relevant rules. I'm trying to get
> > active working and that is not.
> > Thanks.
> > Dave.
> >
> > rules
> > ext_if = "rl0"
> > int_if = "xl0"
> > int_net="$int_if:network"
> > tcp_state="flags S/SA modulate state"
> > # translate lan client addresses to that of the external interface
> > nat on $ext_if from $int_if:network to any -> ($ext_if)
> > # Redirect lan client FTP requests (to an FTP server's control port 21)
> > # to the ftp-proxy running on the firewall host (via inetd on port 8021)
> > rdr on $int_if inet proto tcp from $int_net to any port 21 -> 127.0.0.1 port 8021
> >
> > # block by default
> > block log all
> >
> > # pass all loopback traffic
> > pass quick on lo0 all
> >
> > # Allow remote FTP servers (on data port 20) to respond to the proxy's
> > # active FTP requests by contacting it on the port range specified in
> > # inetd.conf
> > pass in quick on $ext_if inet proto tcp from any port 20 to 127.0.0.1 port 55000 >< 57000 user proxy $tcp_state
> >
> > # Allow ftp-proxy packets destined to port 20 to exit $ext_if
> > # in order to maintain communications with the ftp server
> > pass out quick on $ext_if inet proto tcp from $ext_if to any port 20 $tcp_state
> >
> > # Allow firewall to contact ftp server on behalf of passive ftp client
> > pass out quick on $ext_if inet proto tcp from $ext_if port 55000:57000 to any user proxy $tcp_state
> >
> > # allow ftp connections from lan to proxy
> > pass in quick on $int_if inet proto tcp from $int_net to lo0 port 8021 $tcp_state
> > pass in quick on $int_if inet proto tcp from $int_net to $ext_if port 55000:57000 $tcp_state
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
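
Added example, not part of the thread and not pfSense's helper code: a sketch of the one thing any helper has to do for internet -> LAN passive FTP, which is to rewrite the server's 227 reply so that it advertises the firewall's external address instead of the LAN one, and to reject data ports outside the range forwarded to the server. The addresses are constructed, and reusing 55000:57000 as the forwarded passive range is an assumption.

```python
import ipaddress
import re

# Six comma-separated numbers of a PASV (227) reply: h1,h2,h3,h4,p1,p2 (RFC 959).
PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))

# RFC 1918 ranges: addresses an external client cannot reach directly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def rewrite_pasv(reply, external_ip, port_range):
    """Rewrite a LAN server's 227 reply for a client on the internet.

    external_ip is the firewall's WAN address; port_range is the (low, high)
    passive data-port range forwarded to the server (both assumptions here).
    """
    ip, port = parse_pasv(reply)
    low, high = port_range
    if not low <= port <= high:
        # The server picked a port the firewall does not forward: the data
        # connection would fail, so refuse rather than advertise it.
        raise ValueError(f"data port {port} outside forwarded range {low}:{high}")
    if not any(ip in net for net in RFC1918):
        return reply.strip()  # already a routable address, leave untouched
    ext = str(ipaddress.IPv4Address(external_ip)).replace(".", ",")
    return f"227 Entering Passive Mode ({ext},{port >> 8},{port & 0xFF})"


if __name__ == "__main__":
    # Constructed sample: server at 192.168.1.10 offers data port 217*256+3.
    sample = "227 Entering Passive Mode (192,168,1,10,217,3)"
    print(rewrite_pasv(sample, "203.0.113.5", (55000, 57000)))
```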
