From owner-freebsd-pf@FreeBSD.ORG  Thu Jul  7 18:32:40 2005
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3815416A41F
	for <freebsd-pf@freebsd.org>; Thu,  7 Jul 2005 18:32:40 +0000 (GMT)
	(envelope-from michael@weiser.dinsnail.net)
Received: from heinz.dinsnail.net (p15110767.pureserver.info [217.160.166.159])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8ADC443D46
	for <freebsd-pf@freebsd.org>; Thu,  7 Jul 2005 18:32:39 +0000 (GMT)
	(envelope-from michael@weiser.dinsnail.net)
Received: from heinz.dinsnail.net (heinz.dinsnail.net [127.0.0.1])
	by heinz.dinsnail.net (8.13.4/8.13.4) with ESMTP id j67IWQh6025418
	for <freebsd-pf@freebsd.org>; Thu, 7 Jul 2005 20:32:26 +0200
Received: from khazad-dum.weiser.dinsnail.net (uucp@localhost)
	by heinz.dinsnail.net (8.13.4/8.13.4/Submit) with bsmtp id
	j67IWQnh025417
	for freebsd-pf@freebsd.org; Thu, 7 Jul 2005 20:32:26 +0200
Received: from khazad-dum.weiser.dinsnail.net (localhost [127.0.0.1])
	by khazad-dum.weiser.dinsnail.net (8.13.4/8.13.4) with ESMTP id
	j67IKNca062928
	for <freebsd-pf@freebsd.org>; Thu, 7 Jul 2005 20:20:23 +0200 (CEST)
	(envelope-from michael@khazad-dum.weiser.dinsnail.net)
Received: (from michael@localhost)
	by khazad-dum.weiser.dinsnail.net (8.13.4/8.13.4/Submit) id
	j67IKNDi062923
	for freebsd-pf@freebsd.org; Thu, 7 Jul 2005 20:20:23 +0200 (CEST)
	(envelope-from michael)
Date: Thu, 7 Jul 2005 20:20:23 +0200
From: Michael Weiser <michael@weiser.dinsnail.net>
To: freebsd-pf@freebsd.org
Message-ID: <20050707182023.GB57981@weiser.dinsnail.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
X-MailScanner: Found to be clean
X-MailScanner-From: michael@weiser.dinsnail.net
Subject: ftp connections not working from firewall box
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jul 2005 18:32:40 -0000

Hi again,

another problem with my new pftpx setup is that because of

rdr on xl0 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8021

only connections coming in via the internal interface get redirected to
pftpx. Due to that FTP connections originating on the machine itself
don't work because they leave directly via the external interface so that
pftpx doesn't see them to add the proper firewall rules.

Is there a workaround or proper solution for this (possibly including a
rant about my braindamage ;) ?
-- 
bye, Micha