ftp-proxy on transparent bridge
I am a relatively inexperienced user. I have used ftp-proxy on a routing firewall and it seems to work quite well. I am trying to get the ftp-proxy working on a transparent bridge firewall but I am not having any luck, which I believe is related to the bridge. I have the following setup running on OpenBSD 4.2 PF:
ext_if = rl0
int_if = rl1
The bridge is running on those two NICs. I have a third NIC, rl2, that has been assigned an IP address. I can SSH to the firewall on that address.
I have the standard rules in the NAT section:
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
In the rule section, I have:
anchor "ftp-proxy/*"
pass out proto tcp from 127.0.0.1 to any port 21 keep flags S/SA keep state
pass out on ext_if proto tcp from any to any port 21 flags S/SA modulate state
What do I need to change to get this working with the bridge?