FTP reverse proxy
Art Okunev
art at okunev.com
Wed Jun 15 06:33:55 GMT 2005
Hello freebsd-pf,

I'm in the process of migrating a Linux-based firewall/router to
FreeBSD (PF).

The firewall is supposed to be working in a hosting environment, so
actually the external interface is connected to the uplink router;
behind the firewall are a couple of class C networks with a bunch of
web and FTP servers.

The only thing I am missing from Linux is the ip_conntrack_ftp kernel
module, which monitors the traffic on port 21 and dynamically opens
the higher-numbered (data) ports that the control on port 21 asks for.
Maybe I'm wrong, but it seems that ftp-proxy only works for FTP
clients behind ftp-proxy.

Another bad thing about this setup is that the networks behind the
firewall are managed by our clients, so it is not possible to know the
IP addresses of the FTP servers and the ephemeral port ranges they are
using.

So far I have to put something like:

    pass all proto tcp from any port 1024:65535 to any port 1024:65535

in order to allow passive FTP (I hate this idea!).

Is there any "correct" way to configure PF to allow passive-mode FTP
connections to FTP servers behind the firewall without having to open
the higher ports for the whole network range?

--
Best regards,
Art mailto:art at okunev.com
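
Added example, not part of the original message and not code from ip_conntrack_ftp or ftp-proxy: a sketch of the control-channel tracking the post describes, which reads the server's 227 (PASV) and 229 (EPSV) replies and derives one narrow client-to-server pinhole per data connection instead of opening 1024:65535. The function names, the routed (non-NAT) setup and the sample addresses are assumptions.

```python
import ipaddress
import re

# 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)   (RFC 959)
PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))
# 229 Entering Extended Passive Mode (|||port|)   (RFC 2428)
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")

def data_endpoint(reply, server_ip):
    """Return (ip, port) announced for the data connection, or None.

    server_ip is the address the control connection was made to. A 227 reply
    naming any other address is rejected, so the tracker cannot be talked
    into opening a path to a third host.
    """
    m = PASV_RE.match(reply)
    if m:
        octets = [int(x) for x in m.groups()]
        if any(o > 255 for o in octets):
            return None
        ip = ".".join(str(o) for o in octets[:4])
        port = octets[4] * 256 + octets[5]
        if ipaddress.ip_address(ip) != ipaddress.ip_address(server_ip):
            return None
    else:
        m = EPSV_RE.match(reply)
        if not m:
            return None
        port = int(m.group(2))  # EPSV carries only a port; the host is implied
    if not 1024 <= port <= 65535:
        return None  # never open a pinhole to a privileged port
    return server_ip, port

def pinholes(control_lines, client_ip, server_ip):
    """Return one (client_ip, server_ip, port) pinhole per valid passive reply."""
    found = (data_endpoint(line.strip(), server_ip) for line in control_lines)
    return [(client_ip, ep[0], ep[1]) for ep in found if ep]

# Constructed sample of server-to-client control traffic (documentation addresses).
SAMPLE = [
    "220 FTP server ready",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "227 Entering Passive Mode (198,51,100,7,195,81)",  # names a different host
    "229 Entering Extended Passive Mode (|||50001|)",
    "227 Entering Passive Mode (192,0,2,10,0,22)",      # privileged port
]

if __name__ == "__main__":
    for hole in pinholes(SAMPLE, "203.0.113.5", "192.0.2.10"):
        print("allow tcp %s -> %s port %d" % hole)
```

Only the two well-formed replies that name the control connection's own server produce a pinhole; the reply pointing at another host and the one naming port 22 are dropped.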