Wow! And I thought I had a tendency to get software to do things it didn't want to do! [Reverse]FTP proxy on a bridging firewall? What kind of a masochist are you? How difficult would it be to just make the OpenBSD box a normal (IP-Based) firewall? Either that, or at least run the FTP Proxy on a box on the outside of the bridge. Problem solved, and no pesky writing of insane code to extend an already incredibly hacked-up protocol, which will hopefully die soon anyhow.

Michael Coulter wrote:

Looking at ftp-proxy as well as Daniel's reverse.diff, it appears
that neither of these will help my situation, as I'm not NATing
but simply using a bridging firewall.

Is there any code or anyone threatening to write code that would
help in this situation? Some code that would allow you to run
active and passive through a bridging firewall with a default
deny policy, without having to have a rule like:

pass quick in on $ext_if proto tcp from any to any port >1024

As an aside, if anyone knows how to tell MS-FTP what port range
to allocate for passive ftp sessions, that would also be useful.
