[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ftp-proxy and pf.conf

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: ftp-proxy and pf.conf
From: Daniel Hartmeier <daniel_(_at_)_benzedrine_(_dot_)_cx>
Date: Mon, 3 Dec 2001 21:12:03 +0100

On Mon, Dec 03, 2001 at 08:32:13PM +0100, Jedi/Sector One wrote:

> > you need to let port 20 (ftp-data) pass in when
> > the proxy is running as root,
> 
> No you have to let port 20 pass _out_ .

ftp-proxy enables you to use active mode FTP as a client behind a NAT
gateway. Active mode means the FTP server opens the data connection back
to the FTP client. Hence you need to let the data connection back in on
the external interface of the NAT gateway.

You probably also want to pass port 20 (or just about any connection)
out, if your NATed clients want to do passive mode FTP, where the client
connects to the server for the data connection as well.

Daniel

References:
- Re: ftp-proxy and pf.conf
  - From: Daniel Hartmeier

Prev by Date: Re: ftp-proxy and pf.conf
Next by Date: Re: X question regarding mouse
Previous by thread: Re: ftp-proxy and pf.conf
Next by thread: Re: ftp-proxy and pf.conf
Index(es):
- Date
- Thread

Visit your host, monkey.org