Hello,
Our firewall between the proxy and the internet is configured very restrictive, so only known ports are allowed in either direction. This poses a problem with the EPSV/PASV implementation of the ftp proxy; servers that are able to run in EPSV or PASV mode make the proxy produce a "bad gateway" error ( Firewall / NAT ? ). I've temporarly enabled the bypass code but I was thinking of writing a more permanent patch.
Therefor, please your opinion: there are two ways to implement this :
1) add a directive to specify if EPSV and/or PASV should be used
2) alter the code to continue with PORT where it now throws a bad gateway error
The second option is the easiest for the administrator, but generates more processing overhead ( arbitrary ports will always be blocked, but the proxy will continue trying for every request ). The first options produces less overhead, but requires intervention by the administrator ( adaptation of docs, ... ).
Thanx !
Peter.
