On Tue, 16 Mar 2010, Dave Anderson wrote:
>On Tue, 16 Mar 2010, Simon Perreault wrote:
>
>>On 03/15/2010 11:49 PM, Dave Anderson wrote:
>>> I'm configuring a notebook which will use PF to protect itself from the
>>> environments in which I use it, and would like to have FTP 'just work'
>>> on it -- whether it's from an explicit FTP command, from a browser, or
>>> embedded in some other program or script.
>>
>>I see two options:
>>
>>1. pass out
>
>This can work for passive FTP if one is willing to allow outbound
>connections to all non-privileged ports, but is useless for active FTP.
>
>>2. ftp-proxy(8)
>
>Unless I've missed something, this is useless when the FTP connection
>originates on the system where ftp-proxy is running -- the control
>connection packets must traverse some interface in the inbound direction
>for PF to be able to redirect them to ftp-proxy.
A clarification: I do know that ftp-proxy can be used as an explicit
proxy as well as transparently via PF redirection, and that the
FTP_PROXY environment variable can be set to specify an explict proxy
for many programs/scripts. But since (as stated in my original message)
I'd really like FTP to 'just work' and AFAIK some programs/scripts
ignore FTP_PROXY and some others don't allow for an explicit proxy at
all, I believe that ftp-proxy can't currently do what I want (though it
may come closer than anything else currently available).
Dave
>Thanks anyway,
>
> Dave
--
Dave Anderson
<[email protected]>
