
pf+ftp+binat problem

Firewall: FreeBSD 4.10-STABLE, pf version 2.03 from ports.
FTP server: proftpd 1.2.9 with passive port range 50000-55000
Requirements: local users connect to the internal FTP server using the external IP.
My pf config:
pass all
nat on $ext_if from any to any -> $ext_ip
rdr on $int_if to $ext_ip port 21 -> $ftp_ip port 21
rdr on $int_if to $ext_ip port 50000:55000 -> $ftp_ip port 50000:55000  
no nat on $int_if from $int_if to $int_net
nat on $int_if from $int_net to $ftp_ip port 21 -> $int_if
nat on $int_if from $int_net to $ftp_ip port 49999 >< 50001 -> $int_if 
From local machine (Win XP):
C:> ftp 
Connecting to
220 ProFTPD server: test
331 Password required for test
230 User test logged in
ftp> ls
500 Illegal port command
425 Unable to build data connection. Connection refused
What rules do I need to do this? Thanks for the help.

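The transcript above shows the data connection being refused at the PORT command, so the following added example (not part of the original post) models the server-side check that produces that reply when the control connection has been source-NATed by the firewall. The addresses, the function names and the low-port rule are assumptions made for illustration; `allow_foreign` stands in for ProFTPD's `AllowForeignAddress` directive.

```python
import ipaddress

def parse_port(arg):
    """Decode an RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (ip, port)."""
    parts = arg.split(",")
    if len(parts) != 6:
        raise ValueError("PORT needs six comma-separated fields")
    nums = [int(p) for p in parts]
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("PORT fields must be in 0-255")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def source_nat(src, nat_rules):
    """Source address the server sees after the first matching nat rule."""
    for net, translated in nat_rules:
        if src in net:
            return translated
    return src

def check_port(arg, control_peer, allow_foreign=False):
    """Anti-bounce check: the PORT address must equal the control-connection peer."""
    ip, port = parse_port(arg)
    if port < 1024:  # assumed rule: refuse data connections to privileged ports
        return "500 Illegal port command"
    if ip != control_peer and not allow_foreign:
        return "500 Illegal port command"
    return "200 PORT command successful"

# Constructed sample values, not taken from the post.
CLIENT = ipaddress.IPv4Address("192.168.1.10")    # Win XP client
FW_INT = ipaddress.IPv4Address("192.168.1.1")     # address of $int_if
INT_NET = ipaddress.ip_network("192.168.1.0/24")  # $int_net
PORT_ARG = "192,168,1,10,19,137"                  # client listens on 19*256+137 = 5001

def demo():
    # "nat on $int_if from $int_net to $ftp_ip port 21 -> $int_if" hides the client
    nat_peer = source_nat(CLIENT, [(INT_NET, FW_INT)])
    return {
        "with_nat": check_port(PORT_ARG, nat_peer),
        "without_nat": check_port(PORT_ARG, CLIENT),
        "allow_foreign": check_port(PORT_ARG, nat_peer, allow_foreign=True),
    }

if __name__ == "__main__":
    for case, reply in demo().items():
        print(f"{case}: {reply}")
```

Accepting foreign addresses also accepts PORT arguments that point at third-party hosts, which is the FTP bounce condition the check exists to stop.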