Subject: Re: Passive FTP through a filewall
To: None <firstname.lastname@example.org>
From: Aaron J. Grier <email@example.com>
Date: 08/09/2001 17:13:00
On Thu, Aug 09, 2001 at 05:13:44PM -0400, Todd Vierling wrote:
> You have three options here:
> * Disallow passive transfers (set "passive none" in /etc/ftpd.conf). This
> causes you to violate the FTP spec, and will break many Web browsers
> that cannot retry with active.
I do this... and indeed, many browsers breaketh.
> * Run a SOCKS5-ified ftpd with a SOCKS5 server on the NAT router, so that
> listening sockets will actually be opened on the NAT router with
> proper IP and port numbers. This has CPU usage implications on the
> NAT router.
> * Write a "proxy port ftp-server" translator for ipf, or beg the ipf
> author to do this. 8-)
isn't there some way to configure a straight proxy ftp server to do
this, too? you're still running a ftp server on your NAT box, but at
least the files wouldn't have to be stored there...
Aaron J. Grier | "Not your ordinary poofy goof." | firstname.lastname@example.org