Camiel Dobbelaar wrote:
> A better test would be to try if you can "nc <target> 21" from the
> firewall.

I'll try it from outside the firewall. As I tried in the past, rdr/nat rules on specific interfaces will only work on incoming, not outgoing connections.

> Please don't edit the information... Did you use "127.0.0.1" or some
> other IP that's not routable for the loopback-ip ?

I used the IP address of the lo1 interface, which is a public one I successfully use for internal OSPF routing (between firewall and the BGP border routers) and connections (ssh) from outside.

> Can you show your NAT rules? And the information of "pfctl -si" when
> the problem happens?

I'll do this the next time the problem occurs. Actually all works fine.

> Cam

Regards,
Falk