Date:      Thu, 16 Jun 2005 01:15:00 +0200
From:      Miroslav Lachman <000.fbsd@quip.cz>
To:        freebsd-pf@freebsd.org
Subject:   Re: FTP reverse proxy
Message-ID:  <42B0B674.1010403@quip.cz>
In-Reply-To: <200506151337.13051.max@love2party.net>
References:  <105247053.20050615163349@okunev.com> <200506151337.13051.max@love2party.net>

Is ftpsesame working on FreeBSD 5.4? I found the ftpsesame webpage a few 
days ago, but the available downloads are marked as
Download ftpsesame-0.91 for OpenBSD 3.4 and 3.5.
Download ftpsesame-0.95 for OpenBSD 3.6.

Max Laier wrote:

> On Wednesday 15 June 2005 08:33, Art Okunev wrote:
> 
>>Hello freebsd-pf,
>>
>>  I'm in the process of migrating a Linux-based firewall/router to
>>  FreeBSD (PF).
>>
>>  The firewall is supposed to be working in a hosting environment, so actually
>>  the external interface is connected to the uplink router; behind the firewall
>>  are a couple of class C networks with a bunch of web and FTP servers.
>>
>>  The only thing I am missing from Linux is the ip_conntrack_ftp kernel
>>  module, which monitors the traffic on port 21 and dynamically opens
>>  the higher-numbered (data) ports that the control on port 21 asks for.
>>
>>  Maybe I'm wrong, but it seems that ftp-proxy only works for FTP
>>  clients behind ftp-proxy.
>>
>>  Another bad thing about this setup is that the networks behind the firewall
>>  are managed by our clients, so it is not possible to know the IP addresses of
>>  the FTP servers and the ephemeral port ranges they are using.
>>
>>  So far I have to put something like:
>>
>>  pass all proto tcp from any port 1024:65535 to any port 1024:65535
>>
>>  in order to allow passive FTP (I hate this idea!).
>>
>>  Is there any "correct" way to configure PF to allow passive mode FTP
>>  connections to FTP servers behind the firewall without having to open
>>  the higher ports for the whole network range?
> 
> 
> Did you see:
> http://www.sentia.org/projects/ftpsesame/ ?
> 

-- 
Miroslav Lachman
Webapplication Developer


