From: Fbsd8
To: FreeBSD Questions
Date: Sun, 15 Apr 2012 12:26:48 -0400
Subject: pf firewall and ftp
Message-ID: <4F8AF6C8.4010703@a1poweruser.com>

Running 9.0 as a gateway host with pf firewall enabled. FTP is launched by inetd. Both active and passive FTP work from LAN PCs to the host FTP.
The LAN FTP session can be initiated from the host or any LAN PC and things work because there are no rules on the LAN interface except a single pass all rule. But I cannot do host-initiated or LAN-initiated FTP sessions to the public internet. Get "operation not permitted" message. Tried to set up ftp-proxy per the OpenBSD pf manual without any joy. Looking for a working rule set with NAT and FTP services to study and learn from.
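
A pf.conf sketch for the setup described above (NAT gateway, default-deny, ftp-proxy for LAN clients), added here as an example and not part of the original message. It uses the pre-OpenBSD-4.7 nat/rdr syntax that FreeBSD 9.0's pf accepts; the interface names and the LAN prefix are assumptions.

```conf
# Constructed example: interface names and LAN prefix are assumptions.
ext_if  = "em0"               # assumed public interface
int_if  = "em1"               # assumed LAN interface
lan_net = "192.168.1.0/24"    # assumed LAN prefix

set skip on lo0

# --- translation ---
# ftp-proxy loads its per-session nat/rdr rules into these anchors.
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

# NAT everything leaving the LAN to the address on the public interface.
nat on $ext_if from $lan_net to any -> ($ext_if)

# Hand LAN clients' FTP control connections to ftp-proxy on its
# default listening address and port (127.0.0.1:8021).
rdr pass on $int_if proto tcp from $lan_net to any port 21 \
    -> 127.0.0.1 port 8021

# --- filtering ---
block log all

# ftp-proxy loads its per-session pass rules for data connections here.
anchor "ftp-proxy/*"

# LAN side stays open, matching the single pass-all rule in the post.
pass quick on $int_if all

# Outbound from the gateway's public address. After NAT this covers LAN
# traffic, ftp-proxy's own control connections to port 21, and sessions
# started on the gateway itself. rdr only acts on inbound packets, so
# gateway-initiated FTP bypasses the proxy and should use passive mode.
pass out on $ext_if inet proto { tcp, udp, icmp } from ($ext_if) to any
```

ftp-proxy itself has to be running for the redirect to work; on FreeBSD it is enabled with `ftpproxy_enable="YES"` in /etc/rc.conf. Nothing unsolicited is allowed in on the public interface: inbound data connections for active-mode LAN clients are admitted only through the per-session rules ftp-proxy adds to its anchor.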