Greetings misc@,

I'm hoping this hasn't been answered before, but I need a little clarification as to the operation of ftp-proxy.

We all know that ftp-proxy, when properly configured in your firewall, will redirect all traffic to a remote server on port 21 to localhost 8021 (by default) and actually establish the connection to the remote server from itself on the firewall. What I'm not clear on is the connection(s) to the remote FTP server on the high ports for a passive FTP transfer.

I don't implicitly allow either inbound or outbound traffic, so what I need to know is where the traffic for the high ports of FTP (49151 - 65535) originates. Do they

1) originate from ftp-proxy, thus needing a rule to allow 49151-65535 from the IP address of the firewall, or
2) originate from the client machine and therefore need a rule to allow 49151-65535 from the IP address of the client machine?

While the PF User Guide is truly an excellent document, it seems to assume that you allow all outbound traffic, so it only instructs you to add a couple of anchors and a redirect rule. Do I need an additional outbound 'pass' rule for FTP high ports, or does ftp-proxy handle all of that via the anchors?

Thanks in advance.

ryanc

--
Ryan Corder <[EMAIL PROTECTED]>
Systems Engineer, NovaSys Health LLC.
501-219-4444 ext. 646