
pf and ftp-proxy



Being that I cannot get ftp-proxy to work for active connections,
I thought (hopefully for a short time) to write rules to allow
just those clients to use ftp to just those servers where
I had problems. So I wrote up:
rdr pass proto tcp from <Clients> to $Server1 port ftp -> $Server1 port ftp
rdr pass proto tcp from <Clients> to $Server2 port ftp -> $Server2 port ftp
rdr pass proto tcp from <Clients> to $Server3 port ftp -> $Server3 port ftp
rdr pass on $Inside_ifs proto tcp from any to any port ftp -> 127.0.0.1 port 8021
and further down
pass quick proto tcp from <Clients> to <Servers> keep state
pass quick proto tcp from <Servers> port ftp-data to <Clients> port > 999 keep state
I expected this to work but it didn't. I expected the pass on
the rdr to skip the following rdr.
PS: I did find a method that works and it is probably better:
rdr pass proto tcp from  <Clients> to !<Servers> port ftp -> 127.0.0.1 port 8021
rdr pass proto tcp from !<Clients> to any        port ftp -> 127.0.0.1 port 8021