FTP reverse proxy
Miroslav Lachman
000.fbsd at quip.cz
Wed Jun 15 23:15:05 GMT 2005
Is ftpsesame working on FreeBSD 5.4? I found the ftpsesame webpage a few
days ago, but the available downloads are marked as:
Download ftpsesame-0.91 for OpenBSD 3.4 and 3.5.
Download ftpsesame-0.95 for OpenBSD 3.6.
Max Laier wrote:
> On Wednesday 15 June 2005 08:33, Art Okunev wrote:
>
>>Hello freebsd-pf,
>>
>> I'm in the process of migrating a Linux-based firewall/router to
>> FreeBSD (PF).
>>
>> The firewall is supposed to work in a hosting environment, so the
>> external interface is actually connected to the uplink router; behind
>> the firewall are a couple of class C networks with a bunch of web and
>> FTP servers.
>>
>> The only thing I am missing from Linux is the ip_conntrack_ftp kernel
>> module, which monitors the traffic on port 21 and dynamically opens
>> the higher-numbered (data) ports that the control on port 21 asks for.
>>
>> Maybe I'm wrong but it seems that ftp-proxy only works for ftp
>> clients behind ftp-proxy.
>>
>> Another bad thing about this setup is that the networks behind the
>> firewall are managed by our clients, so it is not possible to know the
>> IP addresses of the FTP servers and the ephemeral port ranges they are
>> using.
>>
>> So far I have to put something like:
>>
>> pass all proto tcp from any port 1024:65535 to any port 1024:65535
>>
>> in order to allow passive FTP (I hate this idea!).
>>
>> Is there any "correct" way to configure PF to allow passive mode FTP
>> connections to FTP servers behind the firewall without having to open
>> the higher ports for the whole network range?
>
>
> Did you see:
> http://www.sentia.org/projects/ftpsesame/ ?
>
--
Miroslav Lachman
Webapplication Developer