freebsd stable - Mar 2006 - Problems with pf + ftp-proxy on gateway

I'm trying to use pf + ftp-proxy n a 6.1-PRERELEASE machine.

I have this line on inetd.conf:

ftp-proxy      stream  tcp     nowait  root    /usr/libexec/ftp-proxy 
ftp-proxy -n

And this lines on pf.conf:

rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port ftp-proxy
pass in quick on $ext_if inet proto tcp from any port ftp-data to
$ext_if:0 user proxy flags S/SA keep state

When one machine inside my network (e.g. 192.168.x.x) connects to an
external ftp server (e.g. ftp.FreeBSD.org), data connection doesn't
work.

Connection comes to my firewall and is accepted but connection is not
established and stay like this here:

self tcp 200.x.x.x:57625 <- 200.x.x.x:20       ESTABLISHED:FIN_WAIT_2

Any kind of help will be appreciate

thanks
--
Renato Botelho

--- Renato Botelho <rbgarga@gmail.com> wrote:
> I'm trying to use pf + ftp-proxy n a 6.1-PRERELEASE machine.
> 
> I have this line on inetd.conf:
> 
> ftp-proxy      stream  tcp     nowait  root    /usr/libexec/ftp-proxy
> 
> ftp-proxy -n
> 
> And this lines on pf.conf:
> 
> rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port
> ftp-proxy
> pass in quick on $ext_if inet proto tcp from any port ftp-data to
> $ext_if:0 user proxy flags S/SA keep state
> 
> When one machine inside my network (e.g. 192.168.x.x) connects to an
> external ftp server (e.g. ftp.FreeBSD.org), data connection doesn't
> work.
> 
> Connection comes to my firewall and is accepted but connection is not
> established and stay like this here:
> 
> self tcp 200.x.x.x:57625 <- 200.x.x.x:20       ESTABLISHED:FIN_WAIT_2
You need to decide whether you are working with passive ftp clients
(probably), active, or both.

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com