Date:      Tue, 18 Jun 2013 22:29:51 +0200
From:      Rainer Duffner <rainer@ultra-secure.de>
To:        "Mark Felder" <feld@feld.me>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: Problem with ftp-proxy
Message-ID:  <83C1CB74-FFB3-453B-8D7B-BFDC9ED6FA80@ultra-secure.de>
In-Reply-To: <op.wyvg0ziv34t2sn@tech304.office.supranet.net>
References:  <20130618131143.340dff14@suse3> <op.wyvg0ziv34t2sn@tech304.office.supranet.net>



On 18.06.2013 at 13:32, "Mark Felder" <feld@feld.me> wrote:

> On Tue, 18 Jun 2013 06:11:43 -0500, Rainer Duffner <rainer@ultra-secure.de> wrote:
> 
>> Hi,
>> 
>> 
>> I use ftp-proxy, together with the patch that starts multiple instances:
>> 
> 
> I recommend avoiding ftp-proxy and setting up static rules that you know will work. On our systems in pure-ftpd.conf we set
> 
> PassivePortRange          3000 3200
> 
> and then on the system's firewall and every firewall in front we pass through ports 3000-3200. It's a simple solution that's guaranteed to work, and you don't have to debug what the proxy is doing.
> 
> Also, most ftp-proxy software tends to do a very bad job once you start throwing in FTPES. We see this with customer firewalls all the time. These firewall services under the guise of "proxies", "fixups", or "Application Layer Gateways" are just inconsistent and unreliable no matter which vendor supplies it.
> 
> Note, you may have to make the range larger if you expect more than 200 concurrent sessions.



Hi,

thanks for the hint.

I didn't get that to work right away, either…

But while I worked through various documentation and tutorials, I checked if
net.inet.ip.forwarding
was actually set to 1.
It wasn't, even though sysctl.conf had it set.


After re-applying it, things started to work again…



Best Regards,
Rainer
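
The mismatch described in the message above (a value set in sysctl.conf that is not in effect on the running system) can be checked for with a short script. This is an added example, not part of the original e-mail; the function names and the `SYSCTL_GET` override are hypothetical.

```sh
#!/bin/sh
# Compare the name=value entries in sysctl.conf with the running kernel values.
# SYSCTL_GET is a hypothetical override for the lookup command (default: sysctl -n).

sysctl_get() {
    ${SYSCTL_GET:-sysctl -n} "$1" 2>/dev/null
}

# Usage: sysctl_drift [conf-file]
# Prints one line per mismatch; returns 1 if any entry differs or cannot be read.
sysctl_drift() {
    conf=${1:-/etc/sysctl.conf}
    drift=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                      # drop comments
        case $line in
            *=*) ;;                           # only name=value lines matter
            *) continue ;;
        esac
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        want=$(printf '%s' "${line#*=}" |
            sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/')
        if ! have=$(sysctl_get "$key"); then
            printf '%s: configured=%s running=<unreadable>\n' "$key" "$want"
            drift=1
            continue
        fi
        if [ "$have" != "$want" ]; then
            printf '%s: configured=%s running=%s\n' "$key" "$want" "$have"
            drift=1
        fi
    done < "$conf"
    return "$drift"
}

# Example: sysctl_drift /etc/sysctl.conf || echo "running values differ from config"
```

On a router or firewall host, a line such as `net.inet.ip.forwarding: configured=1 running=0` is the condition reported in this message.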
