[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: no NAT, ftp-proxy, & passive FTP

To: misc@openbsd.org
Subject: Re: no NAT, ftp-proxy, & passive FTP
From: "Peter H. Coffin" <hellsop@ninehells.com>
Date: Wed, 10 Sep 2003 19:07:32 -0500
Content-Disposition: inline
Mail-Followup-To: misc@openbsd.org
References: <20030910205248.GA26105@agenteight.com>
User-Agent: Mutt/1.5.4i

On Wed, Sep 10, 2003 at 03:52:48PM -0500, Chris Wage wrote:
> Environment:
> 
> OpenBSD 3.3 doing firewalling, but no NAT. Redirecting port 21 to
> ftp-proxy as normal with:
> rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
> 
> Active FTP works great as expected. Passive FTP, however, to certain FTP
> servers (a la ftp.openbsd.org) do not:
> 
> ftp> dir
> 227 Entering Passive Mode (129,128,5,191,167,89)
> 425 Your data and control connections come from different places!
> 
> The reason should be clear: the control connection comes from the
> firewall running ftp-proxy. Subsequent requests for PASV data will come
> from the original client. This is not a problem in a NAT environment
> because all traffic appears to be coming from the same place.
> 
> Am I missing anything? Is there anything I can do to resolve this, or is
> ftp-proxy + passive + no NAT just not something that works? It's not a
> huge deal, because active FTP will always work, however some browsers
> are hardcoded to use passive.

I am only an egg: Why is the ftp proxy not bi-directional?

-- 
_  o
 |/)

Follow-Ups:
- Re: no NAT, ftp-proxy, & passive FTP
  - From: Chris Wage <cwage@quietlife.net>

References:
- no NAT, ftp-proxy, & passive FTP
  - From: Chris Wage <cwage@quietlife.net>

Prev by Date: Re: tcpdump expression feature request
Next by Date: errors in "stock" spamd.conf
Prev by thread: no NAT, ftp-proxy, & passive FTP
Next by thread: Re: no NAT, ftp-proxy, & passive FTP
Index(es):
- Date
- Thread