tech-net archive


Re: ipf/ipnat ftp proxy mode for server side?



On Thu, Dec 1, 2011, at 12:14 AM, Edgar Fuß wrote:
> > rdr bge0 1.2.3.4/32 port ftp -> 1.2.3.4 port ftp tcp proxy ftp
> Sorry, I don't get that. Could you explain how it works?
> Is that 1.2.3.4 supposed to be the IP of my FTP server? On both sides?
> Shouldn't the rule involve the ftp-data port?

Yes, the 1.2.3.4 is supposed to be the IP address of your FTP server
and "bge0" would be the network interface that is on the "other side
of the firewall" to the FTP server (the interface into which FTP SYN
packets are first seen by the firewall when people want to connect
to the ftp server.)

You should only need the one rule and no, it does not need to involve
the ftp-data port. That is managed by the in-kernel proxy.

Darren

