Re: rdr on firewall initiated connections
Jon Hart wrote:
> In trying to diagnose a problem with ftp-proxy, I stumbled upon
> something with pf's rdr that I cannot explain.
>
> Assume a simple firewall ruleset. I had the following rdr line:
>
> rdr pass on $ext_if proto tcp from any to any \
>     port 21 -> 127.0.0.1 port 2121
>
> That line, along with the other lines from the ftp-proxy examples in
> pf.conf(5) and ftp-proxy(8), makes outbound ftp from LAN clients get
> redirected to the local ftp-proxy as expected. However, outbound ftp

I kinda doubt that. rdr is only applicable to packets on ingress. Your
rdr rule should be applied to your LAN interface, not your Internet

> My question is, is this the expected behavior, and is there any way
> I get the results I had hoped?

Use passive ftp? (which ftp(1) defaults to anyways)