On Tue, 16 Mar 2010 13:24:21 -0400 (EDT) Dave Anderson
<[email protected]> wrote:
> A clarification: I do know that ftp-proxy can be used as an explicit
> proxy as well as transparently via PF redirection, and that the
> FTP_PROXY environment variable can be set to specify an explicit proxy
> for many programs/scripts. But since (as stated in my original
> message) I'd really like FTP to 'just work' and AFAIK some
> programs/scripts ignore FTP_PROXY and some others don't allow for an
> explicit proxy at all, I believe that ftp-proxy can't currently do
> what I want (though it may come closer than anything else currently
> available).
>
> Dave

There are two things I need to do:

1.) Sleep
2.) Install the latest snap on my firewall for figuring this out.

*If* what you want is possible with ftp-proxy(8) and redirection, then
the magic rule you're looking for will look something like this:

    match out on ? proto tcp from ? to any port ftp \
        rdr-to 127.0.0.1 port 8021

Without testing it, I don't know how the potential loop can be avoided,
or if it even needs to be avoided (note the "match out" example for
isakmp in the pf.conf(5) man page).