Date:      Wed, 16 Apr 2008 22:06:24 -0400
From:      Jon Radel <jon@radel.com>
To:        Gilles <gilles.ganault@free.fr>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: FTP server behind firewall?
Message-ID:  <4806B0A0.7000902@radel.com>
In-Reply-To: <hq9d04lrm3bocphdo0msfnh5pnfved0ar2@4ax.com>
References:  <hq9d04lrm3bocphdo0msfnh5pnfved0ar2@4ax.com>

Gilles wrote:
> Hello
> 
> We have a FreeBSD server on our private LAN behind a NAT firewall on
> which I'd like to add an FTP server so that customers can send us
> stuff.
> 
> Problem is, since customers might have a NAT firewall on their end,
> the client application must connect in passive mode... but this just
> moves the problem to our end, where the FTP server will open a random
> port for data... to which the client will fail connecting since our
> NAT firewall is keeping them out of our LAN :-/
> 
> Is there a way to keep our server in the private LAN and still provide
> a way for customers to upload data? Hard-code the socket number used
> by the FTP server for data? Use a different type of server?

What control do you have over the firewall?  One of the cleaner
solutions would be to run an ftp proxy on the firewall, such as that
supplied with pf.  See ftp-proxy(8) or
http://www.openbsd.org/faq/pf/ftp.html

--Jon Radel
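
The passive-mode failure described in the question, and the kind of reply rewrite an FTP proxy on the firewall performs, as an added example that is not part of the original message and is not ftp-proxy's own code. The addresses, the forwarded port range and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)": the data port is p1*256 + p2.
PASV_RE = re.compile(r"^227[ -].*\((\d{1,3}(?:,\d{1,3}){5})\)")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_pasv(reply):
    """Return (IPv4Address, port) from a 227 reply, or None if malformed."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    return ipaddress.IPv4Address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]


def diagnose(reply, forwarded_ports):
    """List reasons an outside client cannot open the advertised data port."""
    parsed = parse_pasv(reply)
    if parsed is None:
        return ["not a valid 227 reply"]
    ip, port = parsed
    problems = []
    if any(ip in net for net in RFC1918):
        problems.append(f"advertises private address {ip}")
    if port not in forwarded_ports:
        problems.append(f"data port {port} is not forwarded by the firewall")
    return problems


def rewrite_pasv(reply, public_ip, public_port):
    """Build the 227 reply a proxy would send: its own address and listener port."""
    if parse_pasv(reply) is None or not 0 < public_port < 65536:
        raise ValueError("invalid 227 reply or port")
    host = str(ipaddress.IPv4Address(public_ip)).replace(".", ",")
    return f"227 Entering Passive Mode ({host},{public_port >> 8},{public_port & 0xFF})"


# Constructed sample: a server on the LAN at 192.168.1.10 picks port 195*256 + 80 = 50000.
SAMPLE = "227 Entering Passive Mode (192,168,1,10,195,80)"
FORWARDED = range(49152, 49200)  # assumed port range forwarded by the NAT firewall

if __name__ == "__main__":
    print(parse_pasv(SAMPLE))
    print(diagnose(SAMPLE, FORWARDED))
    print(rewrite_pasv(SAMPLE, "203.0.113.5", 49160))
```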
