Кто хорошо разбирается в pf, подскажите, в чём я не прав. Проблема с доступом к FTP-серверам из локальной сети (pf.conf и rc.conf.local ниже).
## Macros
#Interfaces
# One LAN and one DMZ segment behind two uplinks (if1/if2); all filter and
# translation rules below refer to the physical interfaces only through these names.
lan = "xl0"
dmz = "xl1"
if1 = "ep0"
if2 = "ne3"
#Internal servers
# Targets of the rdr rules further down. Note that the HTTP proxy and the VPN
# endpoint share one host.
web = "192.168.1.6"
mail = "192.168.1.8"
proxy = "192.168.1.5"
vpn = "192.168.1.5"
# UDP port the VPN daemon on $vpn listens on.
vpn_port = "1199"
#Tables
# Senders already cleared by spamd; presumably maintained at runtime by the spamd
# tooling (spamd-setup/spamlogd), "persist" keeps the table across ruleset reloads.
table <spamd-white> persist
# LAN hosts that must go through the HTTP proxy, one address or network per line.
table <ip> persist file "/etc/ip.lst"
#Skip loopback
# Loopback is never filtered; ftp-proxy (127.0.0.1:8021) and spamd are reached through it.
set skip on lo
#Scrubbing
# Normalise (and reassemble) everything that arrives on any interface;
# "scrub in all" is the long form of "scrub in".
scrub in all
#NAT
# Hide every packet that leaves an uplink and is not sourced from the uplink's own
# address (LAN, DMZ and firewall-originated alike) behind that uplink's primary address.
# NOTE(review): !$if1 and $if1:0 are expanded once when the ruleset is loaded; use
# !($if1) and ($if1:0) if the uplink addresses can change (DHCP/PPP) — assumption, verify.
nat on $if1 from !$if1 to any -> $if1:0
nat on $if2 from !$if2 to any -> $if2:0
#Anchors
# ftp-proxy(8) installs per-session nat/rdr rules for FTP data connections in here.
# Translation rules are evaluated first-match, so the generic nat rules above take
# precedence over whatever the proxy puts into the nat-anchor; if the proxy's own
# source translation is ever needed, move both anchors above the generic nat rules.
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
##Redirection
# Filter rules see the packet AFTER these rewrites: a pass rule for redirected
# traffic has to name the translated destination ($mail, $vpn, ...), not $if1.
#ftp
# Transparent FTP for the LAN: control connections are handed to ftp-proxy(8) on
# 127.0.0.1:8021. "pass" means matching packets are passed without consulting the
# filter rules, so no separate pass rule is needed for the control connection.
rdr pass on $lan proto tcp to port ftp -> 127.0.0.1 port 8021
#spamd
# Whitelisted senders are excluded from translation. NOTE(review): a matching "no rdr"
# is itself the first (and deciding) match, so the later rdr to $mail does not apply to
# them either — they end up on port 25 of the firewall itself. Make sure an MTA listens
# there, or replace this line with
#   rdr pass on $if1 proto tcp from <spamd-white> to any port smtp -> $mail port smtp
no rdr on $if1 proto tcp from <spamd-white> to any port smtp
rdr pass on $if1 proto tcp to port smtp -> 127.0.0.1 port spamd
#http-proxy
# Only LAN hosts listed in <ip> are forced through the HTTP proxy on $proxy:3128
# (squid's default port); everybody else leaves directly via NAT.
rdr on $lan proto tcp from <ip> to any port www -> $proxy port 3128
#web server
rdr on $if1 proto tcp to $if1 port www -> $web port www
#mail server
# The smtp line is shadowed by the two spamd rules above (every SMTP source matches
# one of them), so in practice only pop3 is forwarded to $mail.
rdr on $if1 proto tcp to $if1 port smtp -> $mail port smtp
rdr on $if1 proto tcp to $if1 port pop3 -> $mail port pop3
#vpn
# NOTE(review): "from $ifN:network" limits the redirect to clients on the uplink's own
# subnet. VPN clients elsewhere on the Internet are not redirected and stay addressed
# to the firewall itself — confirm that is intended.
rdr pass on $if2 proto udp from $if2:network to any port $vpn_port -> $vpn
rdr pass on $if1 proto udp from $if1:network to any port $vpn_port -> $vpn
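##Filters
#Default deny
# Anything not matched by a later pass rule (or by a quick rule) is dropped and logged
# to pflog0. Diagnose blocked flows with: tcpdump -n -e -ttt -i pflog0
block log all
# ftp-proxy(8) installs its per-session pass rules for FTP data connections here.
# Placed after the default block so they take effect whether or not the proxy marks
# them quick (in front of "block log all" a non-quick rule would be overridden by it).
# "pfctl -sA" should list ftp-proxy sub-anchors while an FTP session is open.
anchor "ftp-proxy/*"
#Allow
#Antispoof
#pass quick on $lan no state
#antispoof quick for { lo $lan }
#lan
# LAN and DMZ are completely unfiltered in both directions; LAN->Internet traffic is
# passed here and matched on the uplink by state, so no "pass out" rules are needed
# for it on $if1/$if2.
# NOTE(review): "pass quick on $dmz all" also admits connections initiated from the DMZ
# towards the LAN, so the DMZ gives no containment if one of its hosts is compromised.
# To isolate it, put something like
#   block in quick on $dmz from any to $lan:network
# in front of the DMZ pass rule and add explicit exceptions for what the DMZ hosts need.
pass quick on $lan all
pass quick on $dmz all
#ssh
# sshd on the non-standard port 27, open to the whole Internet; consider restricting
# the source to a table of admin addresses.
pass in log on $if1 proto tcp from any to $if1 port 27
pass out log on $if1 proto tcp from $if1 to any port 27
#pop3
# Filter rules see the post-rdr destination, so mail that the rdr rules send to $mail
# must be passed to $mail (the vpn rules below already do this with $vpn); $if1 is kept
# for traffic that is not redirected (SMTP from <spamd-white>, which "no rdr" leaves
# addressed to the firewall itself). SMTP redirected to spamd on 127.0.0.1 is already
# passed by its own "rdr pass" rule.
pass in log on $if1 proto tcp from any to { $if1, $mail } port pop3
pass out log on $if1 proto tcp from $if1 to any port pop3
#smtp
pass in log on $if1 proto tcp from any to { $if1, $mail } port smtp
pass out log on $if1 proto tcp from $if1 to any port smtp
#web
# Both directions; inbound matches the web-server traffic after its rdr to $web.
pass quick log on $if1 proto tcp from any to any port www
#dns tcp
# Inbound DNS to the firewall from anywhere. Only keep the "pass in" rules if this box
# is meant to serve DNS to the Internet; an open recursive resolver is abusable for
# amplification. The firewall's own lookups only need the "pass out" rules (state
# covers the replies).
pass in quick log on $if1 proto tcp from any to $if1 port domain
pass out quick log on $if1 proto tcp from $if1 to any port domain
#dns udp
pass in quick log on $if1 proto udp from any to $if1 port domain
pass out quick log on $if1 proto udp from $if1 to any port domain
#vpn
# Traffic matched by the "rdr pass" vpn rules is passed there already; these rules
# cover what is not redirected (sources outside $ifN:network, which reach the
# firewall itself) and traffic addressed to $vpn directly.
pass in quick log on $if2 proto udp from any to $if2 port $vpn_port
pass out quick log on $if2 proto udp from $if2 to any port $vpn_port
pass in quick log on $if2 proto udp from any to $vpn port $vpn_port
pass out quick log on $if2 proto udp from $vpn to any port $vpn_port
pass in quick log on $if1 proto udp from any to $if1 port $vpn_port
pass out quick log on $if1 proto udp from $if1 to any port $vpn_port
pass in quick log on $if1 proto udp from any to $vpn port $vpn_port
pass out quick log on $if1 proto udp from $vpn to any port $vpn_port
#icq
# ICQ/AIM to and from the firewall itself; LAN clients do not need this (their state
# is created on $lan). The inbound rule is only useful if something listens on 5190 here.
pass in quick log on $if1 proto tcp from any to $if1 port 5190
pass out quick log on $if1 proto tcp from $if1 to any port 5190
#ntp
# NOTE(review): ntpd speaks UDP, so the tcp "pass in" rule never matches anything
# useful; the udp "pass out" rule (with state) is what the firewall's clock sync needs.
pass in quick log on $if1 proto tcp from any to $if1 port ntp
pass out quick log on $if1 proto udp from $if1 to any port ntp
#ftp
# Inbound ftp/ftp-data to the firewall's own address is only needed if the firewall
# itself runs an FTP server; ftp-proxy does not require it.
pass in quick log on $if1 proto tcp from any to $if1 port ftp
#pass out quick log on $if1 proto tcp from $if1 to any port ftp
# ftp-proxy's own control connection to the remote server. No interface is given so it
# applies whichever uplink the route uses; state passes the replies.
pass out proto tcp from self to any port ftp
pass in quick log on $if1 proto tcp from any to $if1 port ftp-data
pass out quick log on $if1 proto tcp from $if1 to any port ftp-data
# Active-mode data connections arriving at the proxy's dynamic ports (>49151), limited
# to sockets owned by user "proxy". NOTE(review): check which user ftp-proxy actually
# runs as (ps axu) — on releases where it runs as "_proxy" this rule matches nothing,
# which is harmless because the proxy's own anchor rules pass these connections.
pass in quick log on $if1 proto tcp from any to $if1 port > 49151 flags S/SA user proxy
pass out quick log on $if1 proto tcp from $if1 to any port {ftp ftp-data}
#cvsup
# cvsup as a client only needs the "pass out" rule; "pass in" to 5999 is for serving cvsup.
pass in quick log on $if1 proto tcp from any to $if1 port 5999
pass out quick log on $if1 proto tcp from $if1 to any port 5999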
# cat rc.conf.local
# Daemons started at boot. An empty *_flags string means "run with default
# arguments"; setting it to NO disables the daemon.
ntpd_flags=""   # enabled during install
# ftp-proxy(8) with defaults: it listens on 127.0.0.1 port 8021, the target of the
# "rdr pass ... port ftp -> 127.0.0.1 port 8021" rule in pf.conf.
ftpproxy_flags=""