This works. Thanks.
> Try this: > > replace this line: > pass in on $vpn_if inet proto tcp to $ext_addr port 21 \ > flags S/SA keep state > with this: > pass in on $vpn_if inet proto tcp to $Srv port 21 \ > flags S/SA keep state > > Remember rdr's happen before filtering, so when pf see's this packet it > will have already been translated to the server address. > > If that doesn't fix it, see what is getting logged. > > J > > On Mon, Nov 17, 2008 at 2:43 AM, `RIJ dMITRI[IN <[EMAIL PROTECTED]> wrote: > > Hi. > > > > I have ftp server on vsftpd on ip 192.168.0.2 and a router 192.168.0.1. > > All > > ftp connections to 192.168.0.2 are fine but connections to my ext. ip > > (e.g. > > 78.78.78.78) are refused. > > > > Here's part of my pf.conf: > > > > # WAN > > vpn_if="tun0" > > # LAN > > int_if="vr1" > > # External Address > > ext_addr="78.78.78.78" > > # Server IP's > > Srv="192.168.0.2" > > > > # NAT / Redirection > > nat on $vpn_if from $int_if:network to any -> ($vpn_if) > > > > # FTP > > nat-anchor "ftp-proxy/*" > > rdr-anchor "ftp-proxy/*" > > rdr on $vpn_if proto tcp from any to any port 21 -> $Srv > > rdr on $vpn_if proto tcp from any to any port 30000:30099 -> $Srv > > > > # Actions with FTP > > pass in on $vpn_if inet proto tcp to $ext_addr port 21 \ > > flags S/SA keep state > > pass out on $int_if inet proto tcp to $Srv port 21 \ > > user proxy flags S/SA keep state > > anchor "ftp-proxy/*" > > > > Here's my rc.conf.local: > > > > ftpproxy_flags="-R 192.168.0.2 -p 21 -b 78.78.78.78" > > > > Thanks for your help. > > > > -- > > Best, Yuriy A. Dmitrishin.