Am 18.06.2013 um 13:32 schrieb "Mark Felder" <[email protected]>:
> On Tue, 18 Jun 2013 06:11:43 -0500, Rainer Duffner <[email protected]> > wrote: > >> Hi, >> >> >> I use ftp-proxy, together with the patch that starts multiple instances: >> > > I recommend avoiding ftp-proxy and setting up static rules that you know will > work. On our systems in pure-ftpd.conf we set > > PassivePortRange 3000 3200 > > and then on the system's firewall and every firewall in front we pass through > ports 3000-3200. It's a simple solution that's guaranteed to work, and you > don't have to debug what the proxy is doing. > > Also, most ftp-proxy software tends to do a very bad job once you start > throwing in FTPES. We see this with customer firewalls all the time. These > firewall services under the guise of "proxys", "fixups", or "Application > Layer Gateways" are just inconsistent and unreliable no matter which vendor > supplies it. > > Note, you may have to make the range larger if you expect more than 200 > concurrent sessions. Hi, thanks for the hint. I didn't get that to work right away, either…. But while I worked through various documentations and tutorials, I checked if net.inet.ip.forwarding was actually set to 1. It wasn't, even though sysctl.conf had it set. After re-applying it, things started to work again… Best Regards, Rainer _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[email protected]"
