We don't really need two FTP daemons

Dag-Erling Smørgrav des at des.no
Wed May 16 18:39:09 UTC 2007

Buki <dev at null.cz> writes:
> Dag-Erling Smørgrav <des at des.no> writes:
> > "Julian H. Stacey" <jhs at tower.berklix.net> writes:
> > > I've never been sure which ftpd to run on my gateway (with IPFW, with no NAT)
> > > to provide proxy, so internal hosts could cd /usr/ports; make fetch
> > You don't need a proxy.  Do the following on each internal host:
> >
> > # echo 'FTP_PASSIVE_MODE=YES' >>/etc/profile
> actually, if the internal hosts use RFC1918 addresses this wouldn't
> suffice. He really needs either ftp proxy (and redirect all ftp traffic
> to it) or NAT.

He specifically said "no NAT", so I assumed his internal hosts had
routable addresses.  If they don't, he should set up Squid and define
FTP_PROXY and HTTP_PROXY in the internal hosts' environments; see
fetch(3) for details.  Better yet, define ftp_proxy and http_proxy as
some third-party software (wget, w3m) obey the lower-case variables but
not the upper-case ones.

OpenBSD has transparent FTP and TFTP proxies written specifically for
use with pf(4), but we haven't imported them (yet).

As for non-transparent FTP proxies, there are several unformalized and
mostly undocumented protocols.  The most common one seems to be to send
the server name as part of the login name (user@server:port) when
logging on to the proxy; libfetch supports that protocol and will use it
if the method part of FTP_PROXY (or ftp_proxy) is either "ftp" or
unspecified.  One open source proxy I know of which supports this is
ftp/ftpproxy in ports.

Dag-Erling Smørgrav - des at des.no
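
The proxy login convention described in the message above, as an added example (not code from the original message or from libfetch). The login format follows the message's description; the lower-case-first lookup order, the "anonymous" default user, the default port 21 and the control-character check are assumptions of this sketch.

```python
import os
from urllib.parse import urlsplit, unquote


def proxy_setting(env=None):
    """Return the FTP proxy value; ftp_proxy is checked before FTP_PROXY
    (assumed order, chosen because wget and w3m only read the lower case)."""
    env = os.environ if env is None else env
    return env.get("ftp_proxy") or env.get("FTP_PROXY") or None


def proxy_login(target_url, proxy, default_user="anonymous"):
    """Return (proxy_host, proxy_port, login_name) for a proxy that takes
    user@server:port as the login name, or None when the proxy's method
    part is something other than ftp (for example an HTTP proxy)."""
    # A bare "host:port" has no method part; the message says that case
    # is treated like "ftp".
    p = urlsplit(proxy if "://" in proxy else "ftp://" + proxy)
    if p.scheme != "ftp" or not p.hostname:
        return None

    t = urlsplit(target_url)
    user = unquote(t.username) if t.username else default_user
    host, port = t.hostname, t.port or 21

    # The login name travels on the FTP control channel, so a decoded CR/LF
    # would start a second command, and a stray "@" or space would make the
    # proxy split the name in the wrong place. Refuse such input.
    for part in (user, host):
        if not part or any(c.isspace() or ord(c) < 32 or ord(c) == 127
                           or c == "@" for c in part):
            raise ValueError("unsafe character in FTP login component")

    return p.hostname, p.port or 21, f"{user}@{host}:{port}"


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    env = {"FTP_PROXY": "gw.example.net:2121"}
    print(proxy_login("ftp://ftp.example.org/pub/file", proxy_setting(env)))
```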
