FTP server behind firewall?

Jon Radel jon at radel.com
Thu Apr 17 02:06:39 UTC 2008

Gilles wrote:
> Hello
> We have FreeBSD server on our private LAN behind a NAT firewall on
> which I'd like to add an FTP server so that customers can send us
> stuff.
> Problem is, since customers might have a NAT firewall on their end,
> the client application must connect in passive mode... but this just
> moves the problem to our end, where the FTP server will open a random
> port for data... to which the client will fail connecting since our
> NAT firewall is keeping them out of our LAN :-/
> Is there a way to keep our server in the private LAN and still provide
> a way for customers to upload data? Hard-code the socket number used
> by the FTP server for data? Use a different type of server?

What control do you have over the firewall?  One of the cleaner
solutions would be to run an ftp proxy on the firewall, such as that
supplied with pf.  See ftp-proxy(8) or

--Jon Radel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3283 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20080417/c5e5bbec/smime.bin

More information about the freebsd-questions mailing list