From owner-freebsd-pf@FreeBSD.ORG Thu May 28 21:17:36 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 152BD10657B3 for ; Thu, 28 May 2009 21:17:36 +0000 (UTC) (envelope-from sullrich@gmail.com) Received: from mail-bw0-f213.google.com (mail-bw0-f213.google.com [209.85.218.213]) by mx1.freebsd.org (Postfix) with ESMTP id 88CC08FC1D for ; Thu, 28 May 2009 21:17:35 +0000 (UTC) (envelope-from sullrich@gmail.com) Received: by bwz9 with SMTP id 9so5819544bwz.43 for ; Thu, 28 May 2009 14:17:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :from:date:message-id:subject:to:cc:content-type :content-transfer-encoding; bh=78c5aKbtT1E3e3XfJtlMQi3OEctqnwYZhWhbgFV+rMQ=; b=AY+ndfA67prNUjEI0PXN4x3NCj/R8NpqrkG/flhizyc8k3LskqNIFXdPgZrJ76O5qW gZep4G9utInjfMbQ+Wf5cQb2hFWzwbdt8ZXDzmxh8dE72baHea90RYt+9xvl1ZYXEy5N hSQt1itU7yHePsWmXXYzhY57ICXvDqWoK4+zw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; b=XWsvJUiiku97by9Umjfl8yquWcbrmRWeAC2OVKyIMSQuxCjGt3wAIG4Nfc8u2DBQxN yglUaQwTEw5iqmRuyKHph+Nf9IE1Kvg26aOoJ1TMyeDl2+/gUd2NmZYGz9qr5Y82adA9 0K3Ap33+3KXojTtrcfxtddLTMS02CkxP5h5/Y= MIME-Version: 1.0 Received: by 10.204.66.135 with SMTP id n7mr1606597bki.155.1243545454392; Thu, 28 May 2009 14:17:34 -0700 (PDT) In-Reply-To: <8e10486b0905281346k2ff3e068l52e95055f7e1e412@mail.gmail.com> References: <8e10486b0905271442j224b37f5nceccaba929a08f8a@mail.gmail.com> <8e10486b0905281125l662e1f98r5b5a68e172d56684@mail.gmail.com> <8e10486b0905281317h40250894rb98d19f063cd8a1c@mail.gmail.com> <8e10486b0905281340i588eea3cj16fc6dd745c3e2ff@mail.gmail.com> <8e10486b0905281346k2ff3e068l52e95055f7e1e412@mail.gmail.com> From: Scott Ullrich Date: Thu, 28 May 2009 17:17:14 -0400 Message-ID: To: Alexandre Biancalana Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-pf@freebsd.org Subject: Re: Multiple ftp servers behind pf with carp multi-ip X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 May 2009 21:17:36 -0000 On Thu, May 28, 2009 at 4:46 PM, Alexandre Biancalana wrote: > I forget to mention that I already do that, setting the -2 parameter > to the default router and the problem remains the same. Sorry that did not work out for you. I do not recall the pftp parameters that I used to use for incoming but I believe I forced the FTP proxy to listen on the public IP and then there was a server parameter that forced it to connect back to the internal server. If you feel like experimenting a bit more you can try our latest mojo which is pf libalias integration. It basically lets libalias handle all incoming and outgoing ftp traffic magically. However if you take this route please be advised that the patch is new but tested. Recommend running DDB just in case of a crash so we can get Ermal Luci a bt. http://cvs.pfsense.com/~sullrich/nat_ftphelper.RELENG_7.diff Scott