On Sunday 01 July 2007 19:58, Camiel Dobbelaar wrote:
> On Sun, 1 Jul 2007, Chris Cohen wrote:
> > According to http://www.openbsd.org/faq/pf/ftp.html I've set up ftp-proxy
> > and changed my pf.conf. A client on the external interface of the firewall
> > can upload files, use passive and active mode. But fxp transfers (server
> > to server) don't work. My ftpserver (vsftpd) on the host behind the
> > firewall doesn't tell me anything but:
> > Sun Jul 1 18:11:27 2007 [pid 3929] [chris] FAIL UPLOAD:
> > Client "10.1.3.1", "/home/chris/README.MIRRORING-US", 0.00Kbyte/sec
> > Doesn't ftp-proxy support fxp transfers in reverse mode?
>
> No, this entry in the manpage CAVEAT section applies:
>
> The negotiated IP address for active modes is ignored for security
> reasons. This makes third party file transfers impossible.
>
> I do have plans to make ftp-proxy optionally allow negotiated IP
> addresses, but I'm a bit busy at the moment, so don't hold your breath.
>

I read the manpage, but as it seems a bit too fast... Is there a workaround
(without ftp-proxy)? If I just rdr the ports I will run into trouble with
passive mode, I think, as I'm doing nat.

--
Greetings
Chris
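
The manpage caveat quoted above, as an added example that is not part of the original message and is not ftp-proxy's own code: a simplified model of a proxy that keeps the port from an active-mode PORT command but replaces the negotiated address with the control connection's peer. The function names `parse_port` and `data_target` are hypothetical, 10.1.3.1 is the client from the log line above, and 192.0.2.20 is a constructed address standing in for the second FTP server of an fxp transfer.

```python
import ipaddress
import re

# RFC 959 active mode: "PORT h1,h2,h3,h4,p1,p2"
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$",
                     re.IGNORECASE)


def parse_port(line):
    """Return (IPv4Address, port) from a PORT command, or None if malformed."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # every field is a single octet
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def data_target(line, control_peer):
    """Choose the data-connection destination for an active-mode transfer.

    Assumed behaviour, modelled on the caveat: the negotiated port is kept,
    the negotiated address is ignored, and the control connection's peer
    address is used instead.
    """
    parsed = parse_port(line)
    if parsed is None:
        return None
    negotiated_ip, port = parsed
    peer = ipaddress.IPv4Address(control_peer)
    return {
        "connect_to": (str(peer), port),
        "negotiated": str(negotiated_ip),
        # True when the client named a host other than itself (fxp)
        "third_party": negotiated_ip != peer,
    }


if __name__ == "__main__":
    # Constructed sample commands, both sent by the client at 10.1.3.1
    for cmd in ("PORT 10,1,3,1,195,80\r\n",     # ordinary active transfer
                "PORT 192,0,2,20,195,80\r\n"):  # fxp: names a second server
        print(cmd.strip(), "->", data_target(cmd, "10.1.3.1"))
```

In the fxp case the data connection is still directed at 10.1.3.1 rather than at the server named in the command, so the two servers never connect to each other and the upload fails.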