Cascading pf firewalls with both nat and no nat

Hi list, I have a working setup with 2 cascaded firewalls (OpenBSD 4.5 on my external firewall, 4.6 on my internal firewall). NAT is done on the external interface of the internal firewall (which is connected to the external firewall). Now I want to exclude one of the workstations behind the int

ftp-proxy and pf on OpenBSD 4.5

Hi list, I was trying to set up ftp-proxy for use with a client (OpenBSD 4.6 workstation, passive ftp only) behind a firewall (4.5). I have set up pf.conf on the firewall according to pf user's guide. All ftp-proxy anchors have been put first (nat/rdr before any nat/rdr rules, filtering before a

Update: ftp-proxy and pf on OpenBSD 4.5

Apologies first. My first thought after waking up today was "I mixed IPs and IFs". Sorry for posting that... Remaining question second. The filtering does not seem to get "populated" by ftp-proxy. A rule like: pass in on $client_if proto { tcp udp } from $client \ to 127.0.0.1 port ftp does no