Enabling Userland FTP Proxy doesn't make it into rules.debug

  • OK, some background,

    I have a LAN on an OPT interface (bce2) and I have a DMZ on an OPT interface (bce3).
    The DMZ is manually outbound NAT.
    When I make sure that the 'Disable the userland FTP-Proxy application' checkbox is unchecked on the LAN port (bce2), the rdr rule does not show up in rules.debug.

    Active FTP does not work from LAN to DMZ; however, if I add the rdr rule to rules.debug: "rdr on bce2 proto tcp from any to any port 21 -> port 8022" and run "pfctl -f /tmp/rules.debug", then Active FTP works.

    Is there a way I can make this change permanent? Or is there something I am forgetting? Any time I make a change through the webgui that rule is obviously lost.



  • Rebel Alliance Developer Netgate

    Placing of those rules depends somewhat on the firewall and nat rules involved between segments.

    You might also try killing all processes that match pftpx and ftpsesame and then re-saving any firewall rule to trigger a change. See if it restarts properly after that.
