Hello.
I have a machine with a pf firewall. I want *this* machine (not a machine behind this firewall) to be able to send FTP traffic out. I don't have an internal interface, just an external interface (sk0). I followed the pf FAQ page and the man page, but it does not work :-(
This is my pf.conf:
Code:
ext_if="sk0"
#table <spamd-white> persist
set skip on lo
#scrub in
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $ext_if proto tcp to port ftp -> 127.0.0.1 port 8021
anchor "ftp-proxy/*"
block in log
block out log
pass on $ext_if proto icmp
antispoof quick for { lo $ext_if }
pass in on $ext_if proto tcp to ($ext_if) port ssh
pass in on $ext_if proto tcp to ($ext_if) port smtp
pass out on $ext_if proto tcp from ($ext_if) to port ftp
pass out on $ext_if proto tcp from ($ext_if) to port smtp
pass out on $ext_if proto tcp from ($ext_if) to port domain
pass out on $ext_if proto udp from ($ext_if) to port domain
I have ftp-proxy launched:
Code:
2610 ?? Is 0:00.01 /usr/sbin/ftp-proxy -r
Unfortunately, FTP traffic does not work. I have to have a default "pass out" in the pf rules for it to work.
Did I forget something?
Thanks for all your help.
Regards,
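Since the ruleset above logs every block, the quickest way to see what is actually failing is to classify the blocked flows in pflog: a passed control connection to port 21 together with blocked high-port data connections means the session never went through ftp-proxy (an rdr on $ext_if only translates packets arriving inbound on that interface, so it does not catch connections the firewall itself originates). The helper below is an added example, not code from the original post; the pflog lines, addresses and interface name in it are constructed sample data, and real output would come from `tcpdump -n -e -ttt -r /var/log/pflog`.

```shell
#!/bin/sh
# Added triage helper (not from the original post): summarise blocked flows
# from pflog by direction, destination port and FTP phase.

# Constructed sample of `tcpdump -n -e -ttt -r /var/log/pflog` output.
# Line 1: control connection to port 21, line 2: passive-mode data
# connection to a high port, line 3: active-mode data connection coming
# back from server port 20. Addresses and sk0 are sample values.
SAMPLE_PFLOG='
00:00:00.000000 rule 1/(match) block out on sk0: 192.0.2.10.49152 > 198.51.100.20.21: S 1:1(0) win 16384
00:00:00.000100 rule 1/(match) block out on sk0: 192.0.2.10.49153 > 198.51.100.20.51234: S 2:2(0) win 16384
00:00:00.000200 rule 0/(match) block in on sk0: 198.51.100.20.20 > 192.0.2.10.49154: S 3:3(0) win 16384
'

# summarize_blocked: reads tcpdump-formatted pflog lines on stdin and prints
# "<dir> <dst port> <phase> <count>" per distinct blocked flow class.
summarize_blocked() {
    awk '
    / block (in|out) on / {
        # locate the "block" token so the timestamp format does not matter
        for (i = 1; i <= NF; i++) if ($i == "block") break
        dir = $(i + 1)                      # "in" or "out"
        src = $(i + 4); dst = $(i + 6)      # "a.b.c.d.port" and "a.b.c.d.port:"
        sub(/:$/, "", dst)
        ns = split(src, sp, "."); sport = sp[ns]
        nd = split(dst, dp, "."); dport = dp[nd]
        if (dport == 21)                     phase = "control"
        else if (dir == "in" && sport == 20) phase = "active-data"
        else                                 phase = "passive-data"
        count[dir " " dport " " phase]++
    }
    END { for (k in count) print k, count[k] }' | sort
}

# Run on the constructed sample; on the firewall, pipe a real pflog read
# (tcpdump -n -e -ttt -r /var/log/pflog) into summarize_blocked instead.
printf '%s\n' "$SAMPLE_PFLOG" | summarize_blocked
```

If only the data-connection classes show up as blocked, the control channel is bypassing the proxy; if the control connection itself is blocked, the pass rules (not the proxy) need attention.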