On Sun, 13 Jun 2010 07:44:26 +0100, Jason McIntyre wrote:

>On Sun, Jun 13, 2010 at 12:36:52PM +1000, Rod Whitworth wrote:
>> The rule:
>> pass in on $int_if inet proto tcp to any port ftp \
>>     rdr-to 127.0.0.1 port 8021
>> 
>> in the example ruleset on http://www.openbsd.org/faq/pf/example1.html
>> does not work for active ftp from NATted hosts.
>> 
>> There are three solutions which all work.
>> 
>> A> make it "pass in quick ....."
>> B> move the rule as-is to the end of the file. (Last match wins......)
>> C> move the rule up to the match rules and change "pass" to "match"
>> 
>> Which do you prefer?
>> 
>
>if the point of that rule is the same as the point of the rule in
>ftp-proxy(8), then the rule should really match the man page (which uses
>"quick") or vice versa.

Note that the ftp-proxy manpage does "pass in quick" with no interface
limitation......

>
>anyone?
>
>jmc
>

*** NOTE *** Please DO NOT CC me. I <am> subscribed to the list.
Mail to the sender address that does not originate at the list server is 
tarpitted. The reply-to: address is provided for those who feel compelled to 
reply off list. Thank you.

Rod/
---
This life is not the real thing.
It is not even in Beta.
If it was, then OpenBSD would already have a man page for it.
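
The three options discussed in this thread can be compared with a small model of pf's "last match wins" evaluation. This is an added example, not code from the thread or from OpenBSD. The default `block` rule, the later `pass in on $int_if` rule, and the packet fields are assumptions about the surrounding ruleset, and the model covers only rule order, `quick`, and `match`.

```python
# Toy model of pf rule evaluation (constructed for illustration; not pf source).
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

@dataclass
class Rule:
    action: str                    # "pass", "block" or "match"
    test: Callable[[dict], bool]   # does this rule match the packet?
    quick: bool = False
    rdr_to: Optional[Tuple[str, int]] = None

def evaluate(rules, pkt):
    """Return (verdict, redirect target or None) for one inbound packet."""
    pkt = dict(pkt)
    verdict, winner, sticky = "pass", None, None   # no matching rule: pass
    for r in rules:
        if not r.test(pkt):
            continue
        if r.action == "match":
            # match never decides pass/block, but its rdr-to applies at once
            if r.rdr_to:
                sticky = r.rdr_to
                pkt["dst"], pkt["dport"] = r.rdr_to
            continue
        verdict, winner = r.action, r               # last match wins ...
        if r.quick:
            break                                   # ... unless quick ends it
    if verdict == "block":
        return "block", None
    return "pass", (winner.rdr_to if winner and winner.rdr_to else sticky)

PROXY = ("127.0.0.1", 8021)
ftp_in = lambda p: p["iface"] == "int_if" and p["proto"] == "tcp" and p["dport"] == 21
block_all = Rule("block", lambda p: True)                   # assumed default block
pass_int = Rule("pass", lambda p: p["iface"] == "int_if")   # assumed later rule
ftp_pass = Rule("pass", ftp_in, rdr_to=PROXY)

RULESETS = {
    "as_published": [block_all, ftp_pass, pass_int],
    "A_quick":      [block_all, Rule("pass", ftp_in, quick=True, rdr_to=PROXY), pass_int],
    "B_moved_last": [block_all, pass_int, ftp_pass],
    "C_match":      [Rule("match", ftp_in, rdr_to=PROXY), block_all, pass_int],
}

def results():
    # Constructed packet: FTP control connection from a LAN host
    pkt = {"iface": "int_if", "proto": "tcp", "dst": "203.0.113.10", "dport": 21}
    return {name: evaluate(rs, pkt) for name, rs in RULESETS.items()}

if __name__ == "__main__":
    for name, outcome in results().items():
        print(f"{name:13} -> {outcome}")
```

In the as-published order the connection is passed by the later rule and never reaches the proxy; each of A, B and C yields the redirect to 127.0.0.1 port 8021.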
