On Thu, March 30, 2006 12:41 pm, IMS said:
> Hi all
>
> I'm a newbie with pf, just trying it for a few weeks.
> Now I'm trying to write an ftp rule, but after reading many books,
> I found that they guide you to use ftp-proxy.
> But my production site doesn't allow me to use that.
>
> How could I write a rule for ftp?
>
> I have about 200 clients and one firewall with NAT rules.
> All users need to use ftp to the internet.

What won't they let you do?  If you are installing a new firewall,
ftp-proxy is part of the base system.

With NAT, there really is no other general way to get FTP working. 
Passive FTP can be made to pass through the firewall, assuming the clients
can open connections on random high ports, but active FTP just won't work.

FTP is a pain.  It *needs* a proxy to go through a firewall.  (Though some
systems build the proxy into the filter.)

Daniel T. Staal

---------------------------------------------------------------
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------
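
The reason behind the reply above, as an added example that is not part of the original email and is not code from pf or ftp-proxy: FTP sends the data-connection address inside the control channel, so NAT that rewrites only packet headers leaves the client's private address in the PORT command. All addresses, ports and function names below are constructed for illustration.

```python
import re

SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
# Active mode: the client sends "PORT h1,h2,h3,h4,p1,p2" and the server connects back.
PORT_RE = re.compile(r"^PORT " + SIX + r"\s*$", re.IGNORECASE)
# Passive mode: the server's 227 reply tells the client where to connect.
PASV_RE = re.compile(r"^227 .*?" + SIX)

def _decode(groups):
    nums = [int(g) for g in groups]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def parse_port(line):
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("not a PORT command")
    return _decode(m.groups())

def parse_pasv(line):
    m = PASV_RE.match(line)
    if not m:
        raise ValueError("not a 227 reply")
    return _decode(m.groups())

def encode_port(ip, port):
    return "PORT {},{},{}\r\n".format(ip.replace(".", ","), port >> 8, port & 0xFF)

def proxy_rewrite(line, control_src_ip, external_ip, relay_port):
    """Rewrite a client's PORT so the server connects to the firewall instead.

    Returns (rewritten command, (client ip, client port)) so the proxy knows
    where to relay the data connection it accepts on relay_port.
    This example's own policy: refuse a PORT that names a host other than
    the one that opened the control connection.
    """
    ip, port = parse_port(line)
    if ip != control_src_ip:
        raise ValueError("PORT address differs from control connection source")
    return encode_port(external_ip, relay_port), (ip, port)

if __name__ == "__main__":
    # Constructed sample: a NATed client announcing a private address.
    cmd = "PORT 192,168,1,50,195,80\r\n"
    print(parse_port(cmd))  # the unroutable address the server would see
    print(proxy_rewrite(cmd, "192.168.1.50", "203.0.113.10", 55001))
```

In passive mode the client parses the 227 reply and opens the data connection itself, which is why it can pass through NAT when outbound connections to high ports are allowed.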

