On Fri, Nov 30, 2012 at 7:47 AM, Stuart Henderson <s...@spacehopper.org> wrote:
> Not exactly, but you might be able to do something with this, *before*
> your ftp-proxy rule:
>
> pass out quick proto tcp to 0.0.0.0/0 port 8821 rdr-to 0.0.0.0/0 port 21 bitmask
>
> Then if you tell your ftp client to connect to port 8821 it would get
> redirected to port 21 and skip ftp-proxy. You would still need rules to
> permit data connections as of course the commands in the control
> connection cannot be inspected (though changing active/passive may help
> there).
Creative! Unfortunately the client side runs some embedded script so changing the outbound port is not possible. But I like the idea.

Thanks,
Chris