Date: Tue, 18 Jun 2013 22:29:51 +0200
From: Rainer Duffner <rainer@ultra-secure.de>
To: "Mark Felder" <feld@feld.me>
Cc: freebsd-stable@freebsd.org
Subject: Re: Problem with ftp-proxy
Message-ID: <83C1CB74-FFB3-453B-8D7B-BFDC9ED6FA80@ultra-secure.de>
In-Reply-To: <op.wyvg0ziv34t2sn@tech304.office.supranet.net>
References: <20130618131143.340dff14@suse3> <op.wyvg0ziv34t2sn@tech304.office.supranet.net>

On 18.06.2013 at 13:32, "Mark Felder" <feld@feld.me> wrote:

> On Tue, 18 Jun 2013 06:11:43 -0500, Rainer Duffner <rainer@ultra-secure.de> wrote:
>
>> Hi,
>>
>>
>> I use ftp-proxy, together with the patch that starts multiple instances:
>>
>
> I recommend avoiding ftp-proxy and setting up static rules that you know will work. On our systems in pure-ftpd.conf we set
>
> PassivePortRange 3000 3200
>
> and then on the system's firewall and every firewall in front we pass through ports 3000-3200. It's a simple solution that's guaranteed to work, and you don't have to debug what the proxy is doing.
>
> Also, most ftp-proxy software tends to do a very bad job once you start throwing in FTPES. We see this with customer firewalls all the time. These firewall services under the guise of "proxies", "fixups", or "Application Layer Gateways" are just inconsistent and unreliable no matter which vendor supplies it.
>
> Note, you may have to make the range larger if you expect more than 200 concurrent sessions.

Hi,

thanks for the hint.
I didn't get that to work right away, either...
But while I worked through various documentation and tutorials, I checked if net.inet.ip.forwarding was actually set to 1.
It wasn't, even though sysctl.conf had it set.
After re-applying it, things started to work again...

Best Regards,
Rainer

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?83C1CB74-FFB3-453B-8D7B-BFDC9ED6FA80>
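
The mismatch described in the message above (net.inet.ip.forwarding set in sysctl.conf but not in the running kernel) can be caught with a small drift check. This is an added example, not part of the original e-mail; the names sysctl_drift and SYSCTL_GET are made up for it, and it assumes plain name=value lines in the file.

```sh
#!/bin/sh
# Added example: list sysctl.conf entries whose running value differs from
# the configured one.
# SYSCTL_GET is an assumption of this example: the command used to read a
# live value. It defaults to "sysctl -n" and can be overridden for testing.
: "${SYSCTL_GET:=sysctl -n}"

# sysctl_drift FILE
# Prints "name configured=X running=Y" for every mismatch.
# Returns 0 when everything matches, 1 when at least one entry has drifted.
sysctl_drift() {
    conf=$1
    drift=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                        # drop trailing comments
        case $line in
            *=*) ;;                             # keep name=value lines only
            *) continue ;;
        esac
        name=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s' "${line#*=}" |
            sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$name" ] || continue
        # An OID that cannot be read is reported as drift as well.
        have=$($SYSCTL_GET "$name" 2>/dev/null) || have="<unreadable>"
        if [ "$have" != "$want" ]; then
            printf '%s configured=%s running=%s\n' "$name" "$want" "$have"
            drift=1
        fi
    done < "$conf"
    return "$drift"
}

# Typical call on the gateway: sysctl_drift /etc/sysctl.conf
```

Run from cron or a monitoring check, a non-zero return flags a forwarding host whose live settings no longer match its configuration.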