On Fri, 23 Sep 2005 13:45:45 -0700 (PDT) Daniel Smereka <[EMAIL PROTECTED]> wrote:
> Is it possible to get such a client running in passive mode using pf
> rdr/rules?
>
> I understand that I can't use ftp-proxy for this b/c the PORT command
> coming back from the FTP server is encrypted. Is there any way to do
> this? thanks

The whole idea of passive ftp is that it is the client initiating both
control and data connections, so for ftp or ftpssl there should be no
need for additional nat fw rules.

If the server is behind the NAT then you need to set a rdr rule for the
high port numbers and the ftp server must masquerade as the nat's ip
address.

    rdr on $ext_if from any to $ftp port {60000:65535} -> $local_ftp

for example.

-- 
A horse is a horse, of course, of course,
And no one can talk to a horse, of course,
Unless, of course, the horse, of course,
Is the famous Mr. Ed!

http://www.usenix.org.uk - http://irc.is-cool.net
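
The server-behind-NAT case from the reply above, written out as a pf.conf fragment in the pre-4.7 `rdr` syntax the post uses. This is an added example, not part of the original message: the interface name and addresses are constructed placeholders, and the control-port redirect, `proto tcp` and the filter rules are additions to the one rule shown in the post.

```conf
# --- Macros (constructed values, replace with your own) ---
ext_if    = "em0"            # assumed name of the external interface
ftp       = "203.0.113.10"   # public address that clients connect to
local_ftp = "192.168.1.20"   # FTP/FTPS server behind the NAT

# --- Translation ---
# Control connection. With FTP over SSL the PASV reply is encrypted, so
# the firewall cannot see or rewrite it; this is why ftp-proxy is no help.
rdr on $ext_if proto tcp from any to $ftp port 21 -> $local_ftp

# Passive data connections: forward the whole passive range unchanged.
rdr on $ext_if proto tcp from any to $ftp port 60000:65535 -> $local_ftp

# --- Filtering ---
# Redirection is applied before filtering, so these rules match the
# internal address. Only this one host is reachable on the high ports.
pass in on $ext_if proto tcp from any to $local_ftp port 21 \
    flags S/SA keep state
pass in on $ext_if proto tcp from any to $local_ftp port 60000:65535 \
    flags S/SA keep state

# --- Server side (not pf) ---
# The FTP server must hand out $ftp, not $local_ftp, in its PASV replies
# and must pick data ports from the same 60000-65535 range. In ProFTPD,
# for instance, these are the MasqueradeAddress and PassivePorts
# directives; other servers have equivalent settings.
```

Keeping the passive range on the server as narrow as the expected number of concurrent transfers allows, and matching it in both the `rdr` and `pass` rules, reduces the number of high ports exposed on the internal host.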