ok, I just modified my configuration to be the same as the example pf.conf
I have ftp-proxy going and I've even tried setting -r but that still doesn't
do it.
Here is my pf.conf
# macros
externalInterface="sis0"
internalInterface="fxp0"
tcp_services="{ 22, 113 }"
icmp_types="echoreq"
webServer="10.1.1.191"
# options
set block-policy return
set loginterface $externalInterface
set skip on lo
# scrub
scrub in
# nat/rdr
nat on $externalInterface from !($externalInterface) ->
($externalInterface:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $internalInterface proto tcp to port ftp -> 127.0.0.1 port 8021
rdr on $externalInterface proto tcp from any to any port 80 -> $webServer
# filter rules
block in
pass out keep state
anchor "ftp-proxy/*"
antispoof quick for { lo $internalInterface }
pass in on $externalInterface inet proto tcp from any to
($externalInterface) port $tcp_services flags S/SA keep state
pass in on $externalInterface inet proto tcp from any to $webServer port 80
flags S/SA synproxy state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass quick on $internalInterface
