I've been setting up my jails on a cloned interface called lo1 (127.0.1.0/24) - and it seems jails are having bit of a problem using ftp in passive mode even when I think I've set things up correctly. The only jail that is not on lo1 (192.168.0.4) is not having any issues connecting to a ftp server.
pf.conf:
and ftp-proxy is really running:
Any clues?
pf.conf:
Code:
int_if="em0"
jif="lo1"
db1="127.0.1.1"
web="127.0.1.2"
proxy="127.0.1.3"
imap="127.0.1.6"
tomcat="127.0.1.8"
ns="192.168.0.4"
postgres="127.0.1.9"
nat on $int_if from $jif:network to any -> ($int_if)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass proto tcp from any to any port 21 -> 127.0.0.1 port 8021
#redirects to jails
rdr pass on $int_if proto tcp from any to any port 8180 -> $tomcat
rdr pass on { $int_if, lo0 } proto tcp from any to any port { 80, 443, 993 } -> $proxy
rdr pass on $int_if proto { tcp, udp } from any to ($int_if) port domain -> $ns
rdr pass on $int_if proto tcp from any to ($int_if) port 5432 -> $postgres
anchor "ftp-proxy/*"
pass all keep state
anchor "ftp-proxy/*"
and ftp-proxy is really running:
Code:
shine# sockstat -4 | grep ftp
proxy ftp-proxy 94980 3 tcp4 127.0.0.1:8021 *:*
Any clues?