Gilles wrote:
> Hello
>
> We have a FreeBSD server on our private LAN behind a NAT firewall on
> which I'd like to add an FTP server so that customers can send us
> stuff.
>
> Problem is, since customers might have a NAT firewall on their end,
> the client application must connect in passive mode... but this just
> moves the problem to our end, where the FTP server will open a random
> port for data... to which the client will fail connecting since our
> NAT firewall is keeping them out of our LAN :-/
>
> Is there a way to keep our server in the private LAN and still provide
> a way for customers to upload data? Hard-code the socket number used
> by the FTP server for data? Use a different type of server?

What control do you have over the firewall? One of the cleaner solutions would be to run an ftp proxy on the firewall, such as that supplied with pf. See ftp-proxy(8) or http://www.openbsd.org/faq/pf/ftp.html

--Jon Radel
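The failure described in this thread can be read directly from the server's passive-mode reply. The following is an added example, not part of the original messages: it parses a 227 (PASV) or 229 (EPSV) reply and reports why an outside client could not open the data connection. The addresses, the forwarded port range and the function names are constructed for illustration.

```python
import ipaddress
import re

# 227 carries h1,h2,h3,h4,p1,p2 (RFC 959); 229 carries only a port (RFC 2428).
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def data_endpoint(reply, control_peer):
    """Return the (host, port) a client will dial for the data connection."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(x) for x in m.groups()]
        if max(nums) > 255:
            raise ValueError("field out of range in 227 reply")
        return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m and 0 < int(m.group(2)) < 65536:
        # EPSV gives no address: the client reuses the control connection's peer.
        return control_peer, int(m.group(2))
    raise ValueError("not a usable passive-mode reply")


def diagnose(reply, control_peer, forwarded_ports):
    """List the reasons an outside client cannot reach the advertised endpoint."""
    host, port = data_endpoint(reply, control_peer)
    problems = []
    if any(ipaddress.ip_address(host) in net for net in RFC1918):
        problems.append("private-address")      # not routable from the Internet
    if port not in forwarded_ports:
        problems.append("port-not-forwarded")   # NAT firewall drops the SYN
    return host, port, problems


# Constructed sample values: firewall's public address and a fixed passive range.
PUBLIC_IP = "203.0.113.5"
FORWARDED = range(50000, 50101)

if __name__ == "__main__":
    samples = [
        ("227 Entering Passive Mode (192,168,1,10,195,80)", range(0)),   # server as-is
        ("227 Entering Passive Mode (192,168,1,10,195,80)", FORWARDED),  # ports fixed only
        ("227 Entering Passive Mode (203,0,113,5,195,80)", FORWARDED),   # address rewritten
        ("229 Entering Extended Passive Mode (|||50010|)", FORWARDED),   # EPSV
    ]
    for reply, ports in samples:
        print(reply, "->", diagnose(reply, PUBLIC_IP, ports))
```

The second sample shows that fixing the data port range alone is not enough: the reply must also carry an address the client can reach, which is the part a proxy on the firewall takes care of.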