pf ftp question (read pls)

first of all, hello to you all
second, let's get back to business.

my system: freebsd 6.2 with pf as firewall. issue: the ftp
thinghy. I  
managed to make it work using ftp-proxy but that's not the
problem in  
matter here. The problem, my question, is why doesn't pf
leave alone the  
20:21 port. instead of filtering it, or whatever it does to
it, why, when  
i tell it to leave open and not to touch it, it keeps
filtering it. the  
port is open but there is still a control rutine from pf
there....why  
doesn't it simply leave it alone ?any way of doing that?
i've been  
google'ing and will still keep on doing it until i find
something useful.

-- 
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

claudiu vasadi florin wrote:
> first of all, hello to you all
> second, let's get back to business.
> 
> my system: freebsd 6.2 with pf as firewall. issue: the
ftp thinghy. I  
> managed to make it work using ftp-proxy but that's not
the problem in  
> matter here. The problem, my question, is why doesn't
pf leave alone the  
> 20:21 port. instead of filtering it, or whatever it
does to it, why, when  
> i tell it to leave open and not to touch it, it keeps
filtering it. the  
> port is open but there is still a control rutine from
pf there....why  
> doesn't it simply leave it alone ?any way of doing
that? i've been  
> google'ing and will still keep on doing it until i find
something useful.
> 

PF works as you would expect.
FTP does not work like you think.

Read up on how FTP actually works (and keep in mind your
assumptions
are WRONG).  There is a lot more to FTP than ports 20 and
21.  That's
where ftp-proxy comes to your rescue.  It is the
poster-child of "What
were they thinking?" protocols, though admittedly from
an age of the
"we're all friends" Internet.

Nick.