pf+ftp+binat problem



Firewall: FreeBSD 4.10-STABLE, pf version 2.03 from ports.
FTP server: proftpd 1.2.9 with passive port range 50000-55000
Requirements: local users connect to the internal FTP server using the external IP.

My pf config:

ext_if="fxp0"
ext_ip="145.34.56.3"
int_if="xl0"
ftp_ip="192.168.0.2"
int_net="192.168.0.0/24"
pass all
nat on $ext_if from any to any -> $ext_ip
rdr on $int_if to $ext_ip port 21 -> $ftp_ip port 21
rdr on $int_if to $ext_ip port 50000:55000 -> $ftp_ip port 50000:55000
no nat on $int_if from $int_if to $int_net
nat on $int_if from $int_net to $ftp_ip port 21 -> $int_if
nat on $int_if from $int_net to $ftp_ip port 49999 >< 50001 -> $int_if

From local machine (Win XP):

C:> ftp 145.34.56.3
Connecting to 145.34.56.3
220 ProFTPD server: test
331 Password required for test
****
230 User test logged in
ftp> ls
500 Illegal port command
425 Unable to build data connection. Connection refused

What rules do I need to do this? Thanks for the help.
