On Thu, 11 May 2006, [EMAIL PROTECTED] wrote:

> rdr on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021

You need this.

> pass in on $ext_if inet proto tcp from any \
>         to $ext_if port 55000 >< 57000 user proxy \
>         flags S/SA keep state

You don't need this anymore.

> How can I transform all this into the anchor stuff?
> All rules within one anchor?? Since brackets aren't used in any example, how
> do I know which rules are in an anchor and which aren't?
> How to fit the pass in in the anchor?

You just put the three anchors in pf.conf, literally:

    nat-anchor "ftp-proxy/*"
    rdr-anchor "ftp-proxy/*"
    anchor "ftp-proxy/*"

It's the proxy's job to load rules in them, on the fly.

> I don't need a pass out rule, since this is implicitly the case by the
> floating policy and pass out statement I wouldn't need an anchor
> "ftp-proxy/*" statement at all....

The manpage explicitly says that all anchors are mandatory.

> this is how I understand it, separate connections, not natting or
> redirecting connections, because that wouldn't be proxying at all.
> Or maybe it's not proxied, I just don't know.

It proxies the control connection, but not the data connections.

Since you know about the anchors and therefore that ftp-proxy has changed
I must ask: which documentation did you follow and what was unclear?
Maybe that needs fixing.

-- 
Cam
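
Added example, not part of the original message or of ftp-proxy itself: a small Python check that reads a pf.conf text and reports which of the three "ftp-proxy/*" anchors are missing, whether the redirect to 127.0.0.1 port 8021 is present, and whether the old "user proxy" pass rule is still there. The function names, macro values and both sample configurations are constructed for illustration.

```python
import re

REQUIRED = ("nat-anchor", "rdr-anchor", "anchor")  # the three lines quoted in the reply

def logical_lines(text):
    """Join backslash-continued lines, drop comments, normalise spacing."""
    for raw in re.sub(r"\\[ \t]*\n", " ", text).splitlines():
        line = " ".join(raw.split("#", 1)[0].split())
        if line:
            yield line

def audit(text):
    """Return (missing_anchors, has_redirect, legacy_rules) for a pf.conf text."""
    seen, has_rdr, legacy = set(), False, []
    for line in logical_lines(text):
        m = re.match(r'(nat-anchor|rdr-anchor|anchor)\s+"ftp-proxy/\*"', line)
        if m:
            seen.add(m.group(1))
        elif line.startswith("rdr ") and re.search(r"-> 127\.0\.0\.1 port 8021\b", line):
            has_rdr = True
        elif line.startswith("pass in ") and " user proxy" in line:
            legacy.append(line)  # the rule the reply says is no longer needed
    return [k for k in REQUIRED if k not in seen], has_rdr, legacy

# Constructed sample: the rules quoted in the question (macro values made up).
OLD_CONF = r'''
int_if = "fxp0"
ext_if = "fxp1"
rdr on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
pass in on $ext_if inet proto tcp from any \
        to $ext_if port 55000 >< 57000 user proxy \
        flags S/SA keep state
'''

# Constructed sample: the same setup rewritten as the reply describes.
NEW_CONF = r'''
int_if = "fxp0"
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
anchor "ftp-proxy/*"
'''

if __name__ == "__main__":
    for name, conf in (("old", OLD_CONF), ("new", NEW_CONF)):
        missing, has_rdr, legacy = audit(conf)
        print(name, "missing:", missing, "rdr:", has_rdr, "legacy:", legacy)
```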

