On Fri, Apr 24, 2009 at 12:17 PM, Cameron Schaus <c...@schaus.ca> wrote:
> I have an OpenBSD 4.4 firewall with some clients connecting via IPSEC. Some
> clients have flows established to servers not on the local LAN, and these
> clients are natted through the internet interface to access these servers.
> It's a bit convoluted, but things work, except of course for ftp.

The IPsec flow is between the FTP client and the FTP server? Then by design, any intermediary will not be able to eavesdrop or alter packets in transit.

> I am at a bit of a loss here, and I'm wondering if there's anything I can do
> to proxy the IPSEC ftp traffic, or if there are any other options I have at
> this point.

If you're okay with allowing arbitrary outgoing TCP connections and can live with only allowing clients to use passive FTP (I believe the default nowadays), then you shouldn't need ftp-proxy at all.