Hio.
I'm trying to set up a firewall that allows FTP in to a server that is
NAT'd on the other side, but that only allows access from one address
outside the firewall.
Something like:
Machine -> Internet -> Firewall/NAT -> FTP server
I realize I need to use ftp-proxy to get through the NAT part of the
firewall, but I'm not having much luck with it so far.
Here is what I have:
/usr/sbin/ftp-proxy -R 10.10.11.10
pf.conf:
$dev_addr = machine that has access to ftp to this server.
$proxy_addr = "127.0.0.1"
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $wan_if proto tcp from $dev_addr to $wan_if port ftp -> $proxy_addr port 8021
block in all
block out all
anchor "ftp-proxy/*"
pass in proto tcp from $proxy_addr to any port 21 keep state
When I try to FTP from the allowed machine I get:
Connected to ftp-server
421 Service not available, remote server has closed connection
Any help on this would be appreciated.
If you need any more info please let me know.
Thanks,
-- Steve