Enabling Userland FTP Proxy doesn't make it into rules.debug
OK, some background,
I have a LAN on an OPT interface (bce2) and I have a DMZ on an OPT interface (bce3)
The DMZ is manually outbound NAT
When I make sure that the 'Disable the userland FTP-Proxy application' checkbox is unchecked on the LAN port (bce2) the rdr rule does not show up in rules.debug
Active FTP does not work from LAN to DMZ, however if I add the rdr rule to rules.debug: "rdr on bce2 proto tcp from any to any port 21 -> 127.0.0.1 port 8022" and run "pfctl -f /tmp/rules.debug" then Active FTP works.
Is there a way I can make this change permanent? Or is there something I am forgetting? Any time I make a change through the webgui that rule is obviously lost.
Placing of those rules depends somewhat on the firewall and nat rules involved between segments.
You might also try killing all processes that match pftpx and ftpsesame and then re-saving any firewall rule to trigger a change. See if it restarts properly after that.