Date: 12 Apr 2001 14:13:14 -0500
From: Kirk Strauser <kirk@strauser.com>
To: freebsd-ipfw@freebsd.org
Subject: Beating a dead horse - ipfw and FTP
Message-ID: <87puei53ud.fsf@pooh.honeypot>

I've read a lot of the mailing list archives regarding ipfw and FTP. The basic consensus seems to be that FTP Is Bad and that it shouldn't be used. OK, on a technical level, I agree. Unfortunately, it's still somewhat hard to get away from. In particular, look at the FreeBSD ports system which relies heavily on using FTP to fetch source tarballs - that alone is reason enough for me to maintain usability for this antiquated protocol. Add in the fact that I have several user workstations that periodically fetch files (darn those Debian users :) ) and I'm pretty well stuck.

So, has anyone agreed on a best-practices method of allowing outgoing FTP connections through ipfw? It seems like the ideal would be for someone to add an FTP method to ipfw's keep-state mechanism, but that doesn't seem to exist right now.

The next best solution, to me, would be an ipfw-aware FTP proxy that can dynamically open and close ports. Does such a thing exist? If so, and there are more than one, are any of them recommended?

I'm thinking that a final last-ditch-effort solution would be to write a two-part FTP proxy server so half of the server lives outside the firewall and the other half is inside, and the two halves communicate via a secure link. This might actually be a Good Thing, but darned if I'd even know where to begin such a project.

--
Kirk Strauser

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message