On Thu, 8 Jun 2006, uc.sheda wrote:

> When 172.16.218.129 is trying to reach the port 21/tcp of 129.128.5.191,
> here is what happens:
>
> * tcpdump -tei pflog0 port 21 or 8021: doesn't show anything

You don't have "log" on your "rdr pass" line.

> * tcpdump -tni bridge0 port 21 or 8021: just shows the SYN coming from
>   172.16.218.129, nothing else.
> * pfctl -ss shows 2 states:
>   all tcp 127.0.0.1:8021 <- 129.128.5.191:21 <- 172.16.218.129:22585 CLOSED:SYN_SENT
>   all tcp 172.16.218.129:22585 -> 127.0.0.1:8021 SYN_SENT:CLOSED
> * netstat -anp tcp shows that ftp-proxy is listening on 127.0.0.1:8021 but
>   doesn't receive anything (no socket in a state !=LISTEN with port 8021).
>
> Is there something I'm missing? What is the exact meaning of the arrows seen
> in the pfctl -ss output?

You can't connect to the internet with a private space (172.16) address.

--
Cam