Hi there.
I tried all the ftp-proxy versions and all the possible options in inetd.conf. ftp-proxy and PF do not work with "Restrict FTP clients" in Active mode.
Please, if someone has an option to make "restricted FTP clients" work behind NAT with pf, please let me know.
Thanks,
Marcos Biscaysaqu
ThePacific.net
Peter Fraser wrote:
After reading the ftp RFCs (959 and 1123) I don't understand how ftp-proxy can work without support of pf, and any ftp client that works in active mode with the current ftp-proxy is in violation of these RFCs.
In particular, section 3.2 of rfc949 and 4.1.2.12 of rfc1123 together say that the data from an active ftp connection must come from port ftp-data and the IP address of the control channel (i.e. the IP address of the ftp open command).
pf needs to be involved because ftp-proxy could rewrite the IP address and port of the data connection before sending it on to the ftp client, but without pf redirecting the return packets, ftp-proxy would not see answering packets from the client on the data connection.
