[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: no NAT, ftp-proxy, & passive FTP
Chris Wage wrote:
>Because pf redirects packets outgoing on port 21 to localhost on port
>Subsequent Passive data requests come from the originating host (behind
>the firewall) on an arbitrary higher source port destined for the FTP
>server on an arbitrary higher port. There's no way to catch this that I
>am aware of.
geez, why an ftp proxy on a non-nated system? you would need an ftp-proxy
to be able to run a script when it receives the dynamic data port from the
server, and delay the transmition of that packet for some time (enough for
it to talk to pf), then it would have to do nat on that tcp data connection.
don't think that's what you want.