Date: Thu, 20 May 1999 11:04:24 -0700
From: "Addr.com Web Hosting" <admin@addr.net>
To: freebsd-security@freebsd.org
Subject: question about ftpd security feature.
Message-ID: <4.2.0.37.19990520104919.02a14ee0@mail.addr.com>

Hi,

I have a question regarding a security feature which is built into the "ftpd" on the FreeBSD system. The feature is that the server will not accept any "PORT" command unless the address matches that of the client. The reason this is a problem is because I am partially proxy-ing the connection, and the client address is that of the proxy, but I don't want the proxy to handle data connections, just have them made directly to the client.

In more detail (and I would appreciate any comments/suggestions about this scheme or any alternate scheme you can recommend):

We have users distributed among several machines; however, we would like for the users to be able to access their account via a single FTP server. We are currently using NFS; however, under heavier loads it becomes unmanageable and unstable. Instead, I have developed a very simple proxy, which queries for the user name and then, based on an internal table, makes the connection to the correct server, and simply pipes any data from the server to the client, and vice versa.

This is where I hit the problem that the server will not establish a data connection to any machine other than the proxy. Of course I can proxy the data connection as well, but if it doesn't cause any security issues, I would much rather just comment that line out of the ftpd server.

Thanks in advance,
Anthony
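The check described in the message, as an added example that is not part of the original post and is not the FreeBSD ftpd source: it parses the RFC 959 `PORT h1,h2,h3,h4,p1,p2` argument and accepts it only when the address equals the control-connection peer. The function names, the verdict enum and the documentation-range addresses are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>

enum port_verdict { PORT_OK, PORT_MALFORMED, PORT_ADDR_MISMATCH };

/* Parse "h1,h2,h3,h4,p1,p2" (CRLF already stripped) into address and port.
 * Returns 0 on success, -1 if the argument is malformed. */
static int parse_port_arg(const char *arg, struct in_addr *addr, unsigned *port)
{
    unsigned v[6];
    char tail;
    int i;

    /* The trailing %c makes sscanf return 7 if anything follows p2. */
    if (sscanf(arg, "%u,%u,%u,%u,%u,%u%c",
               &v[0], &v[1], &v[2], &v[3], &v[4], &v[5], &tail) != 6)
        return -1;
    for (i = 0; i < 6; i++)
        if (v[i] > 255)
            return -1;
    addr->s_addr = htonl((v[0] << 24) | (v[1] << 16) | (v[2] << 8) | v[3]);
    *port = (v[4] << 8) | v[5];
    return 0;
}

/* peer_ip is the source address of the control connection as the server
 * sees it. Behind a control-only proxy that is the proxy, not the user. */
static enum port_verdict check_port(const char *arg, const char *peer_ip)
{
    struct in_addr want, peer;
    unsigned port;

    if (inet_pton(AF_INET, peer_ip, &peer) != 1)
        return PORT_MALFORMED;
    if (parse_port_arg(arg, &want, &port) != 0)
        return PORT_MALFORMED;
    if (want.s_addr != peer.s_addr)
        return PORT_ADDR_MISMATCH;   /* data connection would go elsewhere */
    return PORT_OK;
}

int main(void)
{
    /* Constructed scenario: proxy at 192.0.2.10, end user at 198.51.100.7. */
    printf("proxy's own address: %d\n",
           check_port("192,0,2,10,19,137", "192.0.2.10"));
    printf("end user's address:  %d\n",
           check_port("198,51,100,7,19,137", "192.0.2.10"));
    return 0;
}
```

The second call reproduces the situation in the message: the control connection arrives from the proxy, so a `PORT` naming the end user's address is rejected.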