From owner-freebsd-stable@FreeBSD.ORG Fri Nov 21 14:19:37 2008 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B68121065670 for ; Fri, 21 Nov 2008 14:19:37 +0000 (UTC) (envelope-from sclark46@earthlink.net) Received: from elasmtp-kukur.atl.sa.earthlink.net (elasmtp-kukur.atl.sa.earthlink.net [209.86.89.65]) by mx1.freebsd.org (Postfix) with ESMTP id 876568FC0C for ; Fri, 21 Nov 2008 14:19:37 +0000 (UTC) (envelope-from sclark46@earthlink.net) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=earthlink.net; b=eyto03hWHbmp6/o0nVLVfxbqbC3Mb7j9AI28ITXSLj5HVQ97dXW/2zKeKa4JbWj5; h=Received:Message-ID:Date:From:Reply-To:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding:X-ELNK-Trace:X-Originating-IP; Received: from [208.118.36.229] (helo=joker.seclark.com) by elasmtp-kukur.atl.sa.earthlink.net with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.67) (envelope-from ) id 1L3Wr8-0007rP-Fd; Fri, 21 Nov 2008 09:19:34 -0500 Message-ID: <4926C375.5070108@earthlink.net> Date: Fri, 21 Nov 2008 09:19:33 -0500 From: Stephen Clark User-Agent: Thunderbird 2.0.0.16 (X11/20080723) MIME-Version: 1.0 To: Bartosz Stec References: <4926B03E.6020108@earthlink.net> <4926B1B8.8000707@kkip.pl> In-Reply-To: <4926B1B8.8000707@kkip.pl> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-ELNK-Trace: a437fbc6971e80f61aa676d7e74259b7b3291a7d08dfec79829de2439918dab95a8754628ce5d0dd350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c X-Originating-IP: 208.118.36.229 Cc: FreeBSD Stable Subject: Re: support for natted ftp server and passive mode X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: sclark46@earthlink.net List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Nov 2008 14:19:37 -0000 Bartosz Stec wrote: > Stephen Clark pisze: >> Do any of the firewall products on FreeBSD provide support >> for a natted ftp server sitting behind the FreeBSD FW. >> >> Without having the ftp server advertise the external address >> in its passive mode packet, in other words have the firewall >> product look inside the packet and change the internal address >> in the data portion of the packet to the external address. >> >> Thanks, >> Steve >> > pf + ftp-proxy > > http://www.openbsd.org/cgi-bin/man.cgi?query=ftp-proxy&sektion=8&manpath=OpenBSD+4.4 > > Thanks, this seems to do the trick on 6.3 - unfortunately it doesn't work on FreeBSD 4.9. We have a number of installations which are still running on 4.9 :( Steve -- "They that give up essential liberty to obtain temporary safety, deserve neither liberty nor safety." (Ben Franklin) "The course of history shows that as a government grows, liberty decreases." (Thomas Jefferson)