Message-ID: <421A3053.4050904@tirloni.org>
Date: Mon, 21 Feb 2005 16:02:43 -0300
From: "Giovanni P. Tirloni"
To: pf@freebsd.org
Subject: rdr for ftp-proxy doesn't work
List-Id: Technical discussion and general questions about packet filter (pf)

Hi,

I've a pf.conf without any filter rules, only this one and nat:

  rdr on sk0 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8021

And ftp-proxy is listening through inetd on that port:

sockstat -4l:
  USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
  root     inetd      5470  4  tcp4   *:8021                *:*

inetd.conf:
  ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -n

pfctl -s nat -v:
  rdr on sk0 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8021
  [ Evaluations: 28723 Packets: 2 Bytes: 96 States: 1 ]

uname:
  FreeBSD 5.3-STABLE #0: Fri Feb 18 07:24:35 BRST 2005

When I run tcpdump on sk0 (internal interface) I see the host trying to
connect to port 21 (syn) but no packets go to the loopback interface or
any other place.

If I remove the rdr rule the client connects and authenticates but is
unable to start an active connection, of course.

Any idea about what is causing this? Strangely enough, I've the same set
of rules on another 6 machines and it works. The

Thanks in advance,

--
Giovanni P. Tirloni
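
A way to read the `pfctl -s nat -v` counters quoted in the message above, as an added example that is not part of the original post: the function pairs each translation rule with its counter line and reports whether the rule has matched any packets. It assumes that "Packets" counts packets the rule matched and "States" the states it currently holds; the verdict labels, the second and third sample rules and the interface `fxp0` are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarise the per-rule counters printed by `pfctl -s nat -v`.
# Reads pfctl output on stdin and prints one line per translation rule:
#   <verdict> packets=<n> states=<n> evals=<n> :: <rule text>
# The verdict labels are names chosen for this example, not pfctl output.
rdr_counters() {
    awk '
    # A translation rule line starts with rdr/nat/binat (optionally "no ").
    /^[ \t]*(no )?(rdr|nat|binat) / { rule = $0; next }
    # Its counters follow on the next line:
    #   [ Evaluations: N  Packets: N  Bytes: N  States: N ]
    /Evaluations:/ && rule != "" {
        evals = 0; pkts = 0; states = 0
        for (i = 1; i < NF; i++) {
            if ($i == "Evaluations:") evals  = $(i + 1) + 0
            if ($i == "Packets:")     pkts   = $(i + 1) + 0
            if ($i == "States:")      states = $(i + 1) + 0
        }
        if (pkts > 0)       verdict = "MATCHED"
        else if (evals > 0) verdict = "EVALUATED-NO-MATCH"
        else                verdict = "NEVER-EVALUATED"
        printf "%s packets=%d states=%d evals=%d :: %s\n", verdict, pkts, states, evals, rule
        rule = ""
    }'
}

# Sample input. The first rule and its counters are the ones quoted in the
# message; the second and third rules are constructed (fxp0 is hypothetical).
sample_pfctl_output() {
    cat <<'EOF'
rdr on sk0 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8021
  [ Evaluations: 28723  Packets: 2  Bytes: 96  States: 1 ]
rdr on sk0 inet proto tcp from any to any port = 8080 -> 127.0.0.1 port 3128
  [ Evaluations: 28723  Packets: 0  Bytes: 0  States: 0 ]
nat on fxp0 inet from 192.168.0.0/24 to any -> (fxp0)
  [ Evaluations: 0  Packets: 0  Bytes: 0  States: 0 ]
EOF
}

# On the firewall itself: pfctl -s nat -v | rdr_counters
sample_pfctl_output | rdr_counters
```

A MATCHED line with a non-zero state count means the redirect rule itself fired, so the next things to check are what happens to the packet after translation rather than the rule's match criteria.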