From: Lowell Gilbert
To: "Remington L."
cc: freebsd-questions@freebsd.org
Date: 13 Jul 2003 10:07:45 -0400
Subject: Re: Newbie proxy question
Message-ID: <44isq6tt8u.fsf@be-well.ilk.org>

"Remington L." writes:

> I am interested in installing an FTP proxy server on my default gateway. I
> understand caching and all that, my question goes along the lines of
> security. Let's say I leave ports 21, 20 open on the server (default gateway)
> and I have another machine which is the actual FTP server.

You also need to handle the data connections, and forward them.

> I read
> somewhere about proxy packet inspection. It is my understanding that without
> the proxy anyone can portscan me and find the open port. With proxy
> inspection it will only allow in valid FTP commands through, making it
> harder to find the open ports. Does this hold true?

You can be portscanned in either case. To support FTP, you have to have
the FTP command port open.
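
An added illustration, not part of the original message, of why a proxy on the gateway has to follow the FTP control channel in order to handle and forward the data connections: the endpoints for those connections are announced inside PORT commands and 227 replies. The function names and all addresses are constructed for this example, and it assumes IPv4 PORT/PASV only.

```python
import re

# RFC 959: PORT h1,h2,h3,h4,p1,p2 (active mode, sent by the client)
PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})\s*$", re.I)
# RFC 959: the 227 reply to PASV carries the same six-number field
PASV_RE = re.compile(r"^227 .*?(\d{1,3}(?:,\d{1,3}){5})")


def decode_hostport(field):
    """Turn 'h1,h2,h3,h4,p1,p2' into (ip, port); port = p1*256 + p2."""
    nums = [int(n) for n in field.split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range: " + field)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def encode_hostport(ip, port):
    """Inverse of decode_hostport."""
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])


def inspect_client_line(line, client_ip):
    """Active mode: return the (ip, port) the server will connect back to.

    Returns None for any other command. Raises ValueError when the PORT
    address is not the client's own address; a proxy should not forward it.
    """
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    ip, port = decode_hostport(m.group(1))
    if ip != client_ip:
        raise ValueError("PORT address %s is not client %s" % (ip, client_ip))
    return ip, port


def rewrite_pasv_reply(line, gateway_ip, gateway_port):
    """Passive mode: return (rewritten_reply, internal_endpoint).

    The internal server advertises its own address; the proxy substitutes
    an address and port on the gateway and forwards that port inward.
    """
    m = PASV_RE.match(line.strip())
    if not m:
        return line, None
    internal = decode_hostport(m.group(1))
    new = line.replace(m.group(1), encode_hostport(gateway_ip, gateway_port))
    return new, internal
```
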