Date:      Thu, 20 May 1999 11:04:24 -0700
From:      "Addr.com Web Hosting" <admin@addr.net>
To:        freebsd-security@freebsd.org
Subject:   question about ftpd security feature.
Message-ID:  <4.2.0.37.19990520104919.02a14ee0@mail.addr.com>

Hi,

I have a question regarding a security feature which is built into the 
"ftpd" on the FreeBSD system. The feature is that the server will not 
accept any "PORT" command unless the address matches that of the client. 
The reason this is a problem is because I am partially proxying the 
connection, and the client address is that of the proxy, but I don't want 
the proxy to handle data connections, just have them made directly to the 
client.

In more detail (and I would appreciate any comments/suggestions about this 
scheme or any alternate scheme you can recommend):

We have users distributed among several machines, however, we would like 
for the users to be able to access their account via a single FTP server. 
We are currently using NFS, however, under heavier loads it becomes 
unmanageable and unstable. Instead, I have developed a very simple proxy, 
which queries for the user name and then based on an internal table makes 
the connection to the correct server, and simply pipes any data from the 
server to the client, and vice versa. This is where I hit the problem that 
the server will not establish a data connection to any machine other than 
the proxy. Of course I can proxy the data connection as well, but if it 
doesn't cause any security issues, I would much rather just comment that 
line out of the ftpd server.

Thanks in advance,
Anthony
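
The check the message describes, written out as an added example (this is not FreeBSD's ftpd source and not part of the original message): the PORT argument is parsed strictly and accepted only when it names the host at the other end of the control connection. The function names and the sample addresses are constructed for illustration.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <netinet/in.h>
#include <stdio.h>

/* Parse "h1,h2,h3,h4,p1,p2" (PORT argument, CRLF already stripped): six fields
 * of 1-3 digits, each 0-255. Fills addr (network order), port (host order). */
static int parse_port_arg(const char *arg, struct in_addr *addr, int *port)
{
    unsigned int f[6] = {0};
    int i, digits;

    for (i = 0; i < 6; i++) {
        for (digits = 0; isdigit((unsigned char)*arg); arg++) {
            if (++digits > 3) return -1;
            f[i] = f[i] * 10 + (unsigned int)(*arg - '0');
        }
        if (digits == 0 || f[i] > 255) return -1;
        /* comma between fields, end of string after the sixth */
        if (*arg++ != (i < 5 ? ',' : '\0')) return -1;
    }
    addr->s_addr = htonl(f[0] << 24 | f[1] << 16 | f[2] << 8 | f[3]);
    *port = (int)(f[4] << 8 | f[5]);
    return 0;
}

/* The PORT target must be the peer of the control connection.
 * Returns the data port on success, -1 if malformed or a third-party host. */
static int port_cmd_check(const char *arg, const struct in_addr *ctrl_peer)
{
    struct in_addr target;
    int port;

    if (parse_port_arg(arg, &target, &port) != 0 ||
        target.s_addr != ctrl_peer->s_addr)
        return -1;
    return port;
}

/* Demo wrapper (hypothetical): control-connection peer as a dotted string. */
static int check_from(const char *peer_ip, const char *arg)
{
    struct in_addr peer;
    return inet_pton(AF_INET, peer_ip, &peer) == 1 ? port_cmd_check(arg, &peer) : -1;
}

int main(void)
{
    printf("%d\n", check_from("192.0.2.10", "192,0,2,10,19,137"));   /* PORT names the peer */
    printf("%d\n", check_from("192.0.2.10", "198,51,100,7,19,137")); /* PORT names another host */
    return 0;
}
```

The second call models the setup in the message: the control connection arrives from the proxy while PORT names the end client, so the server refuses it.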

