Trouble with ftp with pf enabled

[kasse]

On my freebsd 7.0 I can't establish ftp connections with pf enabled.

first I had ftp added to the standard tcp_sevices allowed to pass out with keep state ala

Code:

 pass out proto tcp to any port ftp

then I could access the ftp sites but I could not receive any data back, e.g using ls or pwd, I would get some reply about that the operation was not permitted and the connection would close.

second I tried method described in ftp-proxy but then I cannot even connect to any ftp.

Here is the pf.conf: I confess that it may seem stupid on my home desktop, but I wanted to get a feeling for pf.

Code:

# define some outgoing services
tcp_services = "{ssh, smtp, domain, https, www, auth, imaps}"
udp_services = "{domain}"

# define some macros
ext_if = "em0" #to wireless router via cable
ftp_proxy = "127.0.0.1" #where ftp-proxy is attached
ftp_proxyport = "8021"

# define some trusted hosts
table <trusted> { 192.168.0.102 }

# don't filter loopback
set skip on lo0

# sort out the the meaningfull and assemble those
scrub in all

#define some anchors
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

#define som redirection
rdr pass on $ext_if proto tcp from any to any port ftp -> \
    $ftp_proxy port $ftp_proxyport

#### the filter rules
block all
anchor "ftp-proxy/*" {
   pass out proto tcp from $ftp_proxy to any port ftp keep state
}
pass out on $ext_if proto tcp to any port $tcp_services keep state
pass on $ext_if proto udp to any port $udp_services keep state

#allow incoming from trusted lan address but log it
pass in log on $ext_if proto tcp from <trusted> to any port ssh

As always since I'm not familiar with this and a bit slow I, issue a idiot warning.