Enabling Userland FTP Proxy doesn't make it into rules.debug
-
OK, some background,
I have a LAN on an OPT interface (bce2) and I have a DMZ on an OPT interface (bce3).
The DMZ is manually outbound NAT.
When I make sure that the 'Disable the userland FTP-Proxy application' checkbox is unchecked on the LAN port (bce2), the rdr rule does not show up in rules.debug. Active FTP does not work from LAN to DMZ; however, if I add the rdr rule to rules.debug: "rdr on bce2 proto tcp from any to any port 21 -> 127.0.0.1 port 8022" and run "pfctl -f /tmp/rules.debug", then Active FTP works.
Is there a way I can make this change permanent? Or is there something I am forgetting? Any time I make a change through the webgui that rule is obviously lost.
Thanks,
Matt
-
Placing of those rules depends somewhat on the firewall and nat rules involved between segments.
You might also try killing all processes that match pftpx and ftpsesame and then re-saving any firewall rule to trigger a change. See if it restarts properly after that.