From: "Andrey A. Belashkov"
Date: Thu, 6 Mar 2008 15:57:39 +0200
To: freebsd-pf@freebsd.org
Cc: mlaier@freebsd.org, pf@benzedrine.cx
Subject: pf + ftp troubles.
Message-ID: <20080306135739.GD79846@web3.hostdad.com>

Hello.

I need to set up non-standard NAT rules with pf for FTP. All outgoing FTP connections must be NATed behind the 172.16.5.10 address assigned by mpd to ng0. I set up mpd, the interface is up, and if I use 172.16.5.10 as the source address for FTP, all is fine. But the FTP function in PHP can't choose the source address, so I need to use NAT.

When I set up pf with the rules:

    set optimization normal
    set block-policy return
    scrub in all
    nat on em0 from any to any port { 20 21 } -> 172.16.5.10
    nat-anchor "ftp-proxy/*"
    rdr-anchor "ftp-proxy/*"
    rdr on ng0 proto tcp from any to any port 21 -> 127.0.0.1 port 8021
    anchor "ftp-proxy/*"
    pass out quick on em0 route-to { (ng0 172.16.5.1) } from 172.16.5.10 to any keep state
    pass in all
    pass out all

and start ftp-proxy with the keys "-a 172.16.5.10 -r -vv -m 500" and try to connect to any FTP server, the server responds and shows me its login prompt. But when I try to list files over FTP, the client can't set up a data connection, in either passive or active mode.

How can I fix this problem?

OS: FreeBSD 7.0-RELEASE

Thanks,
Andrey.