
rdr on firewall initiated connections



Greetings,

In trying to diagnose a problem with ftp-proxy, I stumbled upon
something with pf's rdr that I cannot explain.

Assume a simple firewall ruleset.  I had the following rdr line:

   rdr pass on $ext_if proto tcp from any to any \
   port 21 -> 127.0.0.1 port 2121

That line, along with the other lines from the ftp-proxy examples in
pf.conf(5) and ftp-proxy(8), makes outbound ftp from LAN clients get
redirected to the local ftp-proxy as expected.  However, outbound ftp
from the firewall itself works to a limited extent, but it does not pass
through ftp-proxy.

At first I thought this was a problem with ftp-proxy, but in my testing
(with a 3.7beta snapshot from 3/11/05) it actually seems to be the fault
of rdr.  Regardless of what I change the src interface to in that rdr
line, none of my outbound traffic goes through ftp-proxy by way of
127.0.0.1:2121.

My question is, is this the expected behavior, and is there any way
I can get the results I had hoped for?

Thanks again,
-jon