1st July 2008
mswall
ftp-proxy on transparent bridge

I am a relatively inexperienced user. I have used ftp-proxy on a routing firewall and it seems to work quite well. I am trying to get ftp-proxy working on a transparent bridge firewall but I am not having any luck, which I believe is related to the bridge. I have the following setup running on OpenBSD 4.2 PF:

ext_if = rl0
int_if = rl1
The bridge is running on those two NICs. I have a third NIC, rl2, that has been assigned an IP address. I can SSH to the firewall on that address.

I have the standard rules in the NAT section:

nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

In the rule section, I have:

anchor "ftp-proxy/*"
pass out proto tcp from 127.0.0.1 to any port 21 keep flags S/SA keep state
pass out on ext_if proto tcp from any to any port 21 flags S/SA modulate state

What do I need to change to get this working with the bridge?