pass in quick on sip0 proto tcp from any to 83.xxx.104.34 port = 21 keep state # FTP Cmd pass in quick on sip0 proto tcp from any to 83.xxx.104.34 port 64000 >< 65000 flags S keep state # FTP Passive pass in quick on sip1 proto tcp from 83.xxx.104.34 port = 20 to any keep state # FTP Data (Active)
SIP0 is the Public Interface, SIP1 is the DMZ One. 83.xxx.104.34 is the public FTP's address
PassivePorts 64000 65000 IdentLookups off