I'm in the middle of updating my firewall and was wondering if I could get opinions on the relative merits of ftp-proxy and ftpsesame for passing connections through pf. I've read through the man pages for both, and they obviously both have advantages, but I'm trying to figure out how they compare for different jobs.
My setup is fairly simple: I have a NATed home network with several users and a web host that I serve a couple of websites off of. Ideally, of course, I'd like everything to Just Work: active and passive, both from all the clients and to the server. I'm just wondering what parts should be delegated to which handler, or if some direction/connection should be left off. I'm not to interested in exact rules at this point; I can figure those out. I'm just looking for what people think is the best way to use the tools to do the job: least ports opened, least hassle, least resources, etc. >From a scan of the man pages, ftpsesame looks to be able to handle just about everything except active client connections, and ftp-proxy seems to be able to handle everything major, but requires a lot of ports open. What else should I consider? Daniel T. Staal --------------------------------------------------------------- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. ---------------------------------------------------------------
