On Sat, Jun 11, 2005 at 03:31:46PM +0200, Tobias Fendin wrote:
> I don't have this line:
> pass in on $ext_if inet proto tcp from any port 20 to ($ext_if) user 
> proxy flags S/SA keep state
> And it works anyway.

probably because you use passive mode on your FTP clients.  that rule is
needed for active mode FTP clients behind the firewall.

-j

--
"William Shatner: Now men, we are about to go on a very dangerous
 mission. It is highly likely that one of you will die. The crew that
 will go with me are Spock, McCoy and Ensign Ricky. 
 Ensign Ricky: Aw crap."
        --Family Guy

Reply via email to