From owner-freebsd-pf@FreeBSD.ORG Thu Jul 7 18:17:36 2005
From: Michael Weiser
To: freebsd-pf@freebsd.org
Date: Thu, 7 Jul 2005 20:16:20 +0200
Subject: pftpx rules not showing in pfctl
Message-ID: <20050707181620.GA57981@weiser.dinsnail.net>
List-Id: "Technical discussion and general questions about packet filter (pf)"
Hello,

this may sound ridiculous, but I've actually managed to set up pftpx and now can't seem to figure out why it works. :)

I've compiled pftpx on my FreeBSD-CURRENT box with some minor tweaking because of the missing strnvis. I added the required rules to my pf.conf:

  nat-anchor "pftpx/*"
  rdr-anchor "pftpx/*"
  rdr on $intif inet proto tcp from any to any port 21 -> 127.0.0.1 port 8021

and

  anchor "pftpx/*" on $dslif
  pass out quick on $dslif inet proto tcp from $dslif port $unpriv to any port = ftp modulate state (no-sync) flags S/SA label $dslif-out-ftp

$dslif is xl0 for me. It's present on the anchor because I also have a $pppif tun0 which is used occasionally, and rules for it are defined further down the filter list.

Anyway. I fired up 'pftpx -d -D 7' and lo, everything works nicely. Then I went and said 'pfctl -a pftpx -s r' whilst running an ftp download. No matter what I do, it says the rule list is empty. When running it with '-s a' I see that there are entries for the ftp connections in the state table, but still no rules.

Is it supposed to behave that way, or should I be seeing some rule entries?

Thanks in advance,
-- 
bye, Michael
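A worked inspection script, added here as an illustration and not part of the original message or of pftpx itself. It assumes that pftpx, like OpenBSD's ftp-proxy, loads its per-session rules into sub-anchors below "pftpx" (names such as "pftpx/12345.1" are made up), so that 'pfctl -a pftpx -s rules' shows only the empty parent anchor while the wildcard form 'pfctl -a "pftpx/*" -s rules' and 'pfctl -a pftpx -s Anchors' reveal the nested rules. The helper that turns an anchor listing into per-anchor pfctl commands is plain text processing, so it can be exercised on a constructed listing without pf being present.

```shell
#!/bin/sh
# Added example, not code from the original post or from pftpx.
# Assumption: pftpx keeps its rules in sub-anchors of "pftpx", so the
# parent anchor itself is empty and must be inspected recursively.

# Turn an anchor listing (one name per line, as "pfctl -a <parent> -s Anchors"
# prints it, optionally indented) into one "pfctl ... -s rules" command per
# sub-anchor. Names are qualified with the parent if they are not already.
subanchor_rule_cmds() {
    parent="$1"
    while read -r name; do
        [ -n "$name" ] || continue
        case "$name" in
            "$parent"/*) full="$name" ;;        # already a full path
            *)           full="$parent/$name" ;;
        esac
        printf "pfctl -a '%s' -s rules\n" "$full"
    done
}

# Live inspection, for a pf host (run as root). Shows the whole subtree in
# one go via the wildcard anchor, then each sub-anchor separately.
show_pftpx_rules() {
    parent="${1:-pftpx}"
    if ! command -v pfctl >/dev/null 2>&1; then
        echo "pfctl not found; nothing to inspect" >&2
        return 1
    fi
    echo "== all rules below anchor $parent =="
    pfctl -a "$parent/*" -s rules
    echo "== per sub-anchor =="
    pfctl -a "$parent" -s Anchors | subanchor_rule_cmds "$parent" | sh
}

# Usage on the firewall: show_pftpx_rules pftpx
```

The anchor names pftpx creates are expected to change for every FTP session, so inspect them while a transfer is in progress; once the control connection closes, the sub-anchor and its rules are expected to be gone again, while the states created through them may linger until they time out.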