Subject: Re: Passive FTP through a firewall
To: None <netbsd-users@netbsd.org>
From: Aaron J. Grier <agrier@poofygoof.com>
List: netbsd-users
Date: 08/09/2001 17:13:00
On Thu, Aug 09, 2001 at 05:13:44PM -0400, Todd Vierling wrote:

> You have three options here:
> 
> * Disallow passive transfers (set "passive none" in /etc/ftpd.conf).  This
>   causes you to violate the FTP spec, and will break many Web browsers
>   that cannot retry with active.

I do this... and indeed, many browsers breaketh.

> * Run a SOCKS5-ified ftpd with a SOCKS5 server on the NAT router, so that
>   listening sockets will actually be opened on the NAT router with
>   proper IP and port numbers.  This has CPU usage implications on the
>   NAT router.
> 
> * Write a "proxy port ftp-server" translator for ipf, or beg the ipf
>   author to do this.  8-)

isn't there some way to configure a straight proxy ftp server to do
this, too?  you're still running a ftp server on your NAT box, but at
least the files wouldn't have to be stored there...

-- 
  Aaron J. Grier | "Not your ordinary poofy goof." | agrier@poofygoof.com