On Sun, 1 Jul 2007, Chris Cohen wrote:
> According to http://www.openbsd.org/faq/pf/ftp.html I've set up ftp-proxy and
> changed my pf.conf. A client on the external interface of the firewall can
> upload files, use passive and active mode. But fxp transfers (server to
> server) don't work. My FTP server (vsftpd) on the host behind the firewall
> doesn't tell me anything but:
> Sun Jul 1 18:11:27 2007 [pid 3929] [chris] FAIL UPLOAD:
> Client "10.1.3.1", "/home/chris/README.MIRRORING-US", 0.00Kbyte/sec
> Doesn't ftp-proxy support fxp transfers in reverse mode?

No, this entry in the manpage CAVEAT section applies:

    The negotiated IP address for active modes is ignored for security
    reasons. This makes third party file transfers impossible.

I do have plans to make ftp-proxy optionally allow negotiated IP
addresses, but I'm a bit busy at the moment, so don't hold your breath.

--
Cam
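
Added example, not part of the original message and not ftp-proxy's own code: a sketch of the behaviour the quoted manpage caveat describes, where the address in an active-mode `PORT` command is parsed but the data connection is always aimed at the control connection's peer, so an FXP request naming a third host cannot succeed. The function and struct names and the addresses (documentation ranges) are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Outcome of one active-mode PORT command (hypothetical names). */
struct data_target {
    char     addr[16];     /* address the data connection will use */
    unsigned port;         /* negotiated port: p1 * 256 + p2 */
    int      third_party;  /* 1 if the command named a different host */
};

/*
 * Parse "PORT h1,h2,h3,h4,p1,p2" (RFC 959). The negotiated address is
 * parsed only to detect a mismatch; the data target is always ctrl_peer,
 * the peer of the control connection (assumed canonical dotted quad).
 * Returns 0 on success, -1 on a malformed command.
 */
int handle_port(const char *line, const char *ctrl_peer,
                struct data_target *out)
{
    unsigned v[6];
    char negotiated[48];
    int i, n = 0;

    if (sscanf(line, "PORT %u,%u,%u,%u,%u,%u%n",
               &v[0], &v[1], &v[2], &v[3], &v[4], &v[5], &n) != 6)
        return -1;
    if (line[n] != '\0' && line[n] != '\r' && line[n] != '\n')
        return -1;                       /* trailing garbage */
    for (i = 0; i < 6; i++)
        if (v[i] > 255)
            return -1;                   /* each field is one octet */
    if (strlen(ctrl_peer) >= sizeof(out->addr))
        return -1;

    snprintf(negotiated, sizeof(negotiated), "%u.%u.%u.%u",
             v[0], v[1], v[2], v[3]);
    out->port = v[4] * 256 + v[5];
    out->third_party = strcmp(negotiated, ctrl_peer) != 0;
    strcpy(out->addr, ctrl_peer);        /* negotiated address is ignored */
    return 0;
}

int main(void)
{
    struct data_target t;
    /* Constructed FXP-style command: address differs from control peer. */
    if (handle_port("PORT 192,0,2,50,19,137\r\n", "198.51.100.7", &t) == 0)
        printf("data -> %s:%u third_party=%d\n", t.addr, t.port, t.third_party);
    return 0;
}
```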