Bryan S. Leaman wrote:
> I have a multiple ISP router/firewall running 4.2. To make FTP work
> properly over both gateways, I found and applied the following patch to
> ftp-proxy **see link below** and it's working great (apparently pftpx is
> very similar to ftp-proxy). Without this fix, my second ftp-proxy
> process (for ISP2) allows the incoming data connection but incorrectly
> tries to respond over the firewall's default gateway (ISP1). This fix
> adds a "reply-to" argument to the dynamic inbound rule and makes
> everything work. I believe it also adds "route-to" when using passive
> FTP. I have an explicit pf route-to rule to handle the initial outbound
> FTP connection coming from the ftp-proxy.
>
> Is there any chance that this feature could be added to the OpenBSD
> code? Or is there some other way to properly route FTP over multiple
> gateways with the existing ftp-proxy? Seems like something that others
> may find to be useful.

I think I helped create part of that route-to diff, but I don't think it belongs in base ftp-proxy. A userland daemon should not control routing like that. Maybe the new 'tag' option can be used for this? (or else the tag option needs work ;-) )

--
Cam

