On Sun, 05 Jun 2005 18:18:04 GMT, dave said something similar to:
: I'm trying to get ftp working for clients behind a pf firewall running
: on 3.6. Both active and passive ftp connections work from the firewall
: itself but neither work from any clients behind the firewall. I'm using a
: default block all policy and from the tcpdumps i'm doing it looks like
: source ports are being blocked when they go to the lan interface to be
: transfered to the ftp-proxy.

Of course the client to proxy traffic is being blocked. You're blocking by
default and haven't explicitly permitted it.

pass in on $LAN inet proto tcp from $LAN_CLIENTS to 127.0.0.1 port 8021 \
flags S/SA keep state