Try this:

Replace this line:
pass in on $vpn_if inet proto tcp to $ext_addr port 21 \
    flags S/SA keep state
with this:
pass in on $vpn_if inet proto tcp to $Srv port 21 \
    flags S/SA keep state

Remember rdrs happen before filtering, so when pf sees this packet it will
have already been translated to the server address.

If that doesn't fix it, see what is getting logged.

J


On Mon, Nov 17, 2008 at 2:43 AM, Yuriy Dmitrishin <[EMAIL PROTECTED]> wrote:

> Hi.
>
> I have an ftp server on vsftpd on ip 192.168.0.2 and a router 192.168.0.1. All
> ftp connections to 192.168.0.2 are fine but connections to my ext. ip (e.g.
> 78.78.78.78) are refused.
>
> Here's part of my pf.conf:
>
> # WAN
> vpn_if="tun0"
> # LAN
> int_if="vr1"
> # External Address
> ext_addr="78.78.78.78"
> # Server IP's
> Srv="192.168.0.2"
>
> # NAT / Redirection
> nat on $vpn_if from $int_if:network to any -> ($vpn_if)
>
> # FTP
> nat-anchor "ftp-proxy/*"
> rdr-anchor "ftp-proxy/*"
> rdr on $vpn_if proto tcp from any to any port 21 -> $Srv
> rdr on $vpn_if proto tcp from any to any port 30000:30099 -> $Srv
>
> # Actions with FTP
> pass in on $vpn_if inet proto tcp to $ext_addr port 21 \
>     flags S/SA keep state
> pass out on $int_if inet proto tcp to $Srv port 21 \
>     user proxy flags S/SA keep state
> anchor "ftp-proxy/*"
>
> Here's my rc.conf.local:
>
> ftpproxy_flags="-R 192.168.0.2 -p 21 -b 78.78.78.78"
>
> Thanks for your help.
>
> --
> Best, Yuriy A. Dmitrishin.
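
The ordering point made in the reply (rdr is applied before filter rules are matched), as an added example that is not part of the original thread or of pf itself. It is a simplified Python model using the addresses and rules quoted above; the class and function names are hypothetical, a default block policy is assumed (the quoted excerpt does not show one), and state tracking, TCP flags and the ftp-proxy anchors are left out.

```python
# Simplified model of pf's order of operations for an inbound packet (added example):
# rdr translation runs first, then filter rules are matched against the rewritten packet.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    iface: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rdr:   # rdr on <iface> proto tcp from any to any port lo:hi -> target
    iface: str
    lo: int
    hi: int
    target: str

@dataclass(frozen=True)
class Pass:  # pass in on <iface> inet proto tcp to <dst> port <port>
    iface: str
    dst: str
    port: int

def translate(pkt, rdrs):
    """The first matching rdr rewrites the destination address."""
    for r in rdrs:
        if r.iface == pkt.iface and r.lo <= pkt.dport <= r.hi:
            return replace(pkt, dst=r.target)
    return pkt

def evaluate(pkt, rdrs, rules, default="block"):
    """Return (action, destination the filter saw). Default block is an assumption."""
    seen = translate(pkt, rdrs)
    hit = any((r.iface, r.dst, r.port) == (seen.iface, seen.dst, seen.dport) for r in rules)
    return ("pass" if hit else default), seen.dst

def dead_rules(rdrs, rules):
    """Pass rules that cannot match: an rdr rewrites their port to another address."""
    return [r for r in rules if any(
        d.iface == r.iface and d.lo <= r.port <= d.hi and d.target != r.dst for d in rdrs)]

# Values taken from the pf.conf quoted in the thread.
RDRS = [Rdr("tun0", 21, 21, "192.168.0.2"), Rdr("tun0", 30000, 30099, "192.168.0.2")]
ORIGINAL = [Pass("tun0", "78.78.78.78", 21)]    # to $ext_addr
SUGGESTED = [Pass("tun0", "192.168.0.2", 21)]   # to $Srv
SYN = Packet("tun0", "78.78.78.78", 21)         # constructed: client connecting to the external IP

if __name__ == "__main__":
    print(evaluate(SYN, RDRS, ORIGINAL), evaluate(SYN, RDRS, SUGGESTED), dead_rules(RDRS, ORIGINAL))
```

`dead_rules` flags the original `to $ext_addr` rule because every port 21 packet on `tun0` already carries the server address by the time filtering runs.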
