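# pf.conf for a two-interface NAT gateway with ftp-proxy(8) support.
# Statement order matters to pf: macros, normalization, translation, filtering.

# Macros: internal and external interfaces.
int_if = "em0"
ext_if = "em1"

# Normalization: sanitize all inbound packets before they reach the filter rules.
scrub in all

# Translation anchors; ftp-proxy(8) loads its per-session nat/rdr rules here.
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

# Source-NAT traffic from the internal network as it leaves the external interface.
# Uses the $ext_if macro rather than a hard-coded "em1", so renaming the
# interface in one place cannot leave NAT pointing at the wrong device.
# The parentheses make pf track address changes on the interface (e.g. DHCP).
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Redirect FTP control connections from inside to the proxy on loopback:8021.
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

# Default deny. Rules without "quick" are last-match-wins, so every "pass"
# below is an explicit exception to this line.
# NOTE(review): "block log all" would record dropped packets on pflog0, which
# helps detection and troubleshooting.
block all

# Loopback traffic is never filtered.
pass quick on lo0 all

# Drop packets that claim an internal-network source address but arrive on
# any interface other than $int_if (IPv4 only).
antispoof quick for $int_if inet

# Filter rules inserted by ftp-proxy(8) for FTP data connections.
anchor "ftp-proxy/*"

# Everything is allowed in both directions on the internal interface,
# including connections to the firewall host itself.
# NOTE(review): narrow this if internal hosts are not fully trusted.
pass on $int_if all keep state

# Inbound services exposed to any source address: TCP 32822 and TCP 80.
# "flags S/SA" lets only the initial SYN create state.
# NOTE(review): the page does not say what listens on 32822. If it is an
# administrative service, restrict the source addresses or add per-source
# limits (max-src-conn / max-src-conn-rate with an overload table).
pass in quick on $ext_if proto tcp from any to ($ext_if) port 32822 flags S/SA keep state
pass in quick on $ext_if proto tcp from any to ($ext_if) port 80 flags S/SA keep state

# Outbound from the external interface. "modulate state" additionally
# randomizes TCP initial sequence numbers for hosts that generate weak ones.
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto {udp,icmp} all keep state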
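# NOTE(review): the lines from here on repeat the listing above, minus its
# int_if macro line. $int_if is used below but not defined in this copy.
# Load only one copy: with pf's default statement ordering, "scrub" and
# "nat"/"rdr" lines that follow filter rules are expected to be rejected, and
# every rule would otherwise be installed twice.
ext_if = "em1"

# Normalization of all inbound packets.
scrub in all

# Translation anchors populated by ftp-proxy(8).
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

# Source-NAT for the internal network; uses the $ext_if macro instead of a
# hard-coded "em1" so the rule follows the macro definition.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Redirect FTP control connections from inside to the proxy on loopback:8021.
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

# Default deny; the "pass" rules below are the only exceptions.
block all
pass quick on lo0 all

# Reject internal-network source addresses arriving on other interfaces.
antispoof quick for $int_if inet

# Filter rules inserted by ftp-proxy(8).
anchor "ftp-proxy/*"

# Unrestricted traffic on the internal interface.
pass on $int_if all keep state

# Inbound TCP 32822 and 80 are open to any source address.
# NOTE(review): restrict sources or rate-limit if 32822 is an
# administrative service; the page does not say what listens there.
pass in quick on $ext_if proto tcp from any to ($ext_if) port 32822 flags S/SA keep state
pass in quick on $ext_if proto tcp from any to ($ext_if) port 80 flags S/SA keep state

# Stateful outbound TCP (with sequence-number modulation), UDP and ICMP.
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto {udp,icmp} all keep state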
转载于:https://blog.51cto.com/cqfish/138699