Date: Wed, 16 May 2007 20:39:04 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Buki <dev@null.cz> Cc: Tom McLaughlin <tmclaugh@sdf.lonestar.org>, jhs@berklix.com, freebsd-current@freebsd.org, "Julian H. Stacey" <jhs@tower.berklix.net> Subject: Re: We don't really need two FTP daemons Message-ID: <86bqgkk3zr.fsf@dwp.des.no> In-Reply-To: <20070516152319.GG378@dev.null.cz> (dev@null.cz's message of "Wed\, 16 May 2007 17\:23\:19 %2B0200") References: <200705101342.l4ADgCgg007728@lurza.secnetix.de> <m2vef0n14o.wl%gnn@neville-neil.com> <20070510221221.GA44910@FreeBSD.czest.pl> <464392EC.5090203@elischer.org> <20070510223739.GA66016@lor.one-eyed-alien.net> <4643C90D.9040906@elischer.org> <20070511015204.GA66910@lor.one-eyed-alien.net> <1178935327.1786.6.camel@localhost> <200705151030.l4FAUbEE063594@fire.jhs.private> <86d5125fxo.fsf@dwp.des.no> <20070516152319.GG378@dev.null.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
Buki <dev@null.cz> writes: > Dag-Erling Sm=C3=B8rgrav <des@des.no> writes: > > "Julian H. Stacey" <jhs@tower.berklix.net> writes: > > > I've never been sure which ftpd to run on my gateway (with IPFW, with= no NAT) > > > to provide proxy, so internal hosts could cd /usr/ports; make fetch > > You don't need a proxy. Do the following on each internal host: > > > > # echo 'FTP_PASSIVE_MODE=3DYES' >>/etc/profile > actually, if the internal hosts use RFC1918 addresses this wouldn't > suffice. He really needs either ftp proxy (and redirect all ftp traffic > to it) or NAT. He specifically said "no NAT", so I assumed his internal hosts had routable addresses. If they don't, he should set up Squid and define FTP_PROXY and HTTP_PROXY in the internal hosts' environments; see fetch(3) for details. Better yet, define ftp_proxy and http_proxy as some third-party software (wget, w3m) obey the lower-case variables but not the upper-case ones. OpenBSD has transparent FTP and TFTP proxies written specifically for use with pf(4), but we haven't imported them (yet). As for non-transparent FTP proxies, there are several unformalized and mostly undocumented protocols. The most common one seems to be to send the server name as part of the login name (user@server:port) when logging on to the proxy; libfetch supports that protocol and will use it if the method part of FTP_PROXY (or ftp_proxy) is either "ftp" or unspecified. One open source proxy I know of which supports this is ftp/ftpproxy in ports. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86bqgkk3zr.fsf>