Jail, pf and ftpd: Connection refused
Redd Vinylene
reddvinylene at gmail.com
Fri Oct 3 09:38:29 UTC 2008
Greetings ladies and gentlemen!
Why does the below pf.conf (run from box1) give me
"getpeername(control_sock): Transport endpoint is not connected,
Socket error (Connection refused) - reconnecting" when trying to log
onto box3 via passive FTP? Active FTP gives me "425 Can't build data
connection: Connection refused." (box2 and box3 are jails running off
box1)
-
root@box1# cat /etc/pf.conf
box1 = "80.203.2.2"
box2 = "80.203.2.3"
box3 = "{ 80.203.2.4 [...] 80.203.2.127 }"
ext_if = "rl0"
set block-policy return
set skip on { lo0 }
scrub in
pass out keep state
block in
pass in on $ext_if inet proto tcp from any to any port { 22 } keep state
pass in on $ext_if inet proto tcp from any to $box2 port { 25, 53, 80, 110 } keep state
pass in on $ext_if inet proto udp from any to $box2 port 53 keep state
pass in on $ext_if inet proto tcp from any to $box3 port { 20, 21, 113 } keep state
pass in on $ext_if inet proto icmp from any to any keep state
-
root@box3# cat /etc/inetd.conf
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
-
I hope I've been verbose enough. Thank you!
--
http://www.home.no/reddvinylene
More information about the freebsd-pf
mailing list