On Sat, 17 Mar 2007, Sebastian Reitenbach wrote:
> I use ftp-proxy on my firewall as a reverse proxy for a host on the dmz. The
> incoming connections come in on one of the external interfaces, which is
> not the default gateway of the firewall. Therefore I use reply-to statements
> on the pass in rules to make sure the answer packets are leaving the
> firewall via this interface. The packets are redirected to the locally
> running ftp-proxy. The control connection works fine for passive and active
> ftp, but the data connection leaves the network on the wrong external
> interface, following the default route, ignoring the reply-to statement when
> they come in.

ftp-proxy does not add route-to and reply-to to the rules it adds to the 
anchors to allow the data connections, so those will always be routed 
"normally".

I once did some preliminary work on it though, after which Bill Marquette 
picked it up.  Those patches are here:

http://pfsense.com/cgi-bin/cvsweb.cgi/tools/pfPorts/pftpx-routeto/files/

(ftp-proxy used to be called pftpx)

I'm not too fond of reply-to / route-to to be honest, so I never merged 
this into ftp-proxy proper.

--
Cam
