From owner-freebsd-pf@FreeBSD.ORG  Fri May 12 12:20:47 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id AEE5916A407
	for <freebsd-pf@freebsd.org>; Fri, 12 May 2006 12:20:47 +0000 (UTC)
	(envelope-from linux@giboia.org)
Received: from adriana.dilk.com.br (adriana.dilk.com.br [200.250.23.1])
	by mx1.FreeBSD.org (Postfix) with SMTP id 8CE6143D46
	for <freebsd-pf@freebsd.org>; Fri, 12 May 2006 12:20:46 +0000 (GMT)
	(envelope-from linux@giboia.org)
Received: (qmail 15691 invoked by uid 98); 12 May 2006 12:20:45 -0000
Received: from 10.0.0.95 by lda.dilk.com.br (envelope-from <linux@giboia.org>,
	uid 82) with qmail-scanner-1.25-st-qms 
	(uvscan: v4.4.00/v4545. perlscan: 1.25-st-qms.  
	Clear:RC:1(10.0.0.95):. 
	Processed in 0.025041 secs); 12 May 2006 12:20:45 -0000
Received: from unknown (HELO giboia) (linux@giboia.org@10.0.0.95)
	by adriana.dilk.com.br with SMTP; 12 May 2006 12:20:44 -0000
Date: Fri, 12 May 2006 09:24:30 -0300
From: Gilberto Villani Brito <linux@giboia.org>
To: freebsd-pf@freebsd.org
Message-ID: <20060512092430.0e3298ea@giboia>
X-Mailer: Sylpheed-Claws 1.0.4 (GTK+ 1.2.10; i586-mandriva-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: PF - ftp passive mode.
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 12 May 2006 12:20:47 -0000

Hello,
I have a ftp server in a DMZ and this is not accepting passive conections.
I tryed ipfw + natd and it works.
I am using this rules:
# rdr on em0 proto tcp from any to 200.250.23.1 port 21 -> 192.168.0.2 port 21
# rdr on em0 proto tcp from any to 200.250.23.1 port 49152:65535 -> 192.168.0.2 port 49152:65535

# pass in on em1 from 192.168.0.0/24 to any keep state
# pass out on em1 from any to 192.168.0.0/24 keep state

http://www.openbsd.org/faq/pf/ftp.html#natserver

What is the problem??? Don't PF make nat for passive ftp??

Gilberto