On Tue, 16 Mar 2010 12:39:01 -0400 (EDT) Dave Anderson <[email protected]> wrote:
> >I see two options:
> >
> >1. pass out
>
> This can work for passive FTP if one is willing to allow outbound
> connections to all non-privileged ports, but is useless for active
> FTP.
>

Yes.

> >2. ftp-proxy(8)
>
> Unless I've missed something, this is useless when the FTP connection
> originates on the system where ftp-proxy is running -- the control
> connection packets must traverse some interface in the inbound
> direction for PF to be able to redirect them to ftp-proxy.

No. Just configure your app to use the proxy bound to localhost:port.
Many apps can pick this up automatically when you have FTP_PROXY=
defined in your shell, but others might require further configuration.

