
Re: no NAT, ftp-proxy, & passive FTP



Chris Wage wrote:

>Because pf redirects packets outgoing on port 21 to localhost on port
>8021.
>
>Subsequent Passive data requests come from the originating host (behind
>the firewall) on an arbitrary higher source port destined for the FTP
>server on an arbitrary higher port. There's no way to catch this that I
>am aware of.
>
>--Chris
>
geez, why an ftp proxy on a non-nated system? you would need an ftp-proxy
to be able to run a script when it receives the dynamic data port from the
server, and delay the transmission of that packet for some time (enough for
it to talk to pf), then it would have to do nat on that tcp data connection.
don't think that's what you want.
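
The step described in this thread, learning the dynamic data port from the server's passive reply, shown as an added example that is not part of the original posts and is not ftp-proxy's own code. It parses an RFC 959 `227` reply and builds one narrowly scoped pf rule string for the data connection; the function names, the addresses, the refusal of ports below 1024 and the exact rule text are assumptions made for illustration, and nothing is loaded into pf.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
_PASV_RE = re.compile(
    r"^227[ -].*?(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)


def parse_pasv(reply):
    """Return (IPv4Address, port) from a 227 reply, or None if malformed."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # each field is one octet
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # p1 is the high byte, p2 the low byte
    return ip, port


def data_rule(client, server, reply):
    """Build a pf rule string for one passive data connection, or None.

    The rule is only produced when the advertised endpoint is the same host
    as the control-connection server, so a reply cannot be used to open a
    path to some third address.
    """
    parsed = parse_pasv(reply)
    if parsed is None:
        return None
    ip, port = parsed
    if ip != ipaddress.IPv4Address(server):
        return None  # advertised host differs from the control peer
    if port < 1024:
        return None  # assumption: passive data ports are unprivileged
    return (f"pass out quick inet proto tcp from {client} "
            f"to {server} port {port} flags S/SA keep state")


if __name__ == "__main__":
    # Constructed sample reply and documentation-range addresses.
    sample = "227 Entering Passive Mode (192,0,2,10,195,203)"
    print(parse_pasv(sample))
    print(data_rule("198.51.100.7", "192.0.2.10", sample))
```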