This works. Thanks.

> Try this:
>
> replace this line:
> pass in on $vpn_if inet proto tcp to $ext_addr port 21 \
>     flags S/SA keep state
> with this:
> pass in on $vpn_if inet proto tcp to $Srv port 21 \
>     flags S/SA keep state
>
> Remember rdr's happen before filtering, so when pf see's this packet it
> will have already been translated to the server address.
>
> If that doesn't fix it, see what is getting logged.
>
> J
>
> On Mon, Nov 17, 2008 at 2:43 AM, `RIJ dMITRI[IN <[EMAIL PROTECTED]> wrote:
> > Hi.
> >
> > I have ftp server on vsftpd on ip 192.168.0.2 and a router 192.168.0.1.
> > All
> > ftp connections to 192.168.0.2 are fine but connections to my ext. ip
> > (e.g.
> > 78.78.78.78) are refused.
> >
> > Here's part of my pf.conf:
> >
> > # WAN
> > vpn_if="tun0"
> > # LAN
> > int_if="vr1"
> > # External Address
> > ext_addr="78.78.78.78"
> > # Server IP's
> > Srv="192.168.0.2"
> >
> > # NAT / Redirection
> > nat on $vpn_if from $int_if:network to any -> ($vpn_if)
> >
> > # FTP
> > nat-anchor "ftp-proxy/*"
> > rdr-anchor "ftp-proxy/*"
> > rdr on $vpn_if proto tcp from any to any port 21 -> $Srv
> > rdr on $vpn_if proto tcp from any to any port 30000:30099 -> $Srv
> >
> > # Actions with FTP
> > pass in on $vpn_if inet proto tcp to $ext_addr port 21 \
> >     flags S/SA keep state
> >  pass out on $int_if inet proto tcp to $Srv port 21 \
> >     user proxy flags S/SA keep state
> > anchor "ftp-proxy/*"
> >
> > Here's my rc.conf.local:
> >
> > ftpproxy_flags="-R 192.168.0.2 -p 21 -b 78.78.78.78"
> >
> > Thanks for your help.
> >
> > --
> > Best, Yuriy A. Dmitrishin.

Reply via email to