On 3/27/13 4:14 PM, LEVAI Daniel wrote:
On 5.2-stable, I'm trying to set up the stock ftpd(8) on a machine where the incoming traffic is not allowed arbitrarily above net.inet.ip.porthifirst, and the clients wish to use passive mode data connections.

I thought I could use ftp-proxy(8) to append a pass in rule to the ftp-proxy anchor every time the client issues a PASV command, allowing the passive inbound data connection from the client to the server.

I'm running ftp-proxy(8) and ftpd(8) like this:

    /usr/sbin/ftp-proxy -D 7 -b <server_ip> -p <custom_ftp_port> -R 127.0.0.1 -P 21
    /usr/libexec/ftpd -D -A -ll -4 -n -W -u 027 -d [-P]  # I've tried with and without -P

It does not work on the same server. You might try rules with "user _ftp" in pf.conf.